Vulnerability Description
Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress element in a (1) getUploadPath or (2) getKBot SOAP request to service/kbot_service.php; the ID parameter to (3) userui/advisory_detail.php or (4) userui/ticket.php; and the (5) ORDER[] parameter to userui/ticket_list.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Kace K1000 Systems Management Appliance Software | 5.4.76847 |
| Dell | Kace K1000 Systems Management Virtual Appliance | - |
| Dell | Kace K1000 Systems Management Appliance | - |
| Dell | Kace K1100S Systems Management Appliance | - |
| Dell | Kace K1200S Systems Management Appliance | - |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/56396 (Vendor Advisory)
- http://www.baesystemsdetica.com.au/Research/Advisories/Dell-KACE-K1000-SQL-Injec
- http://www.securityfocus.com/bid/65029
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90592
FAQ
What is CVE-2014-1671?
CVE-2014-1671 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress eleme...
How severe is CVE-2014-1671?
CVE-2014-1671 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-1671?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Kace K1000 Systems Management Appliance Software, Dell Kace K1000 Systems Management Virtual Appliance, Dell Kace K1000 Systems Management Appliance, Dell Kace K1100S Systems Management Appliance, Dell Kace K1200S Systems Management Appliance.