virus logo Intrusion Prevention

Dell.KACE.K1000.Arbitrary.File.Upload

description-logoDescription

This indicates an attack attempt against an Arbitrary File Upload vulnerability in Kace K1000.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application while handling maliciously crafted file upload request. A remote attacker can exploit this to execute arbitrary code within context of the affected application via a crafted file upload request.

affected-products-logoAffected Products

Kace K1000 version 5.0 to 5.3
Kace K1000 version 5.4.76849 and 5.4 prior
Kace K1000 version 5.5.90547 and 5.5 prior

Impact logoImpact

System Compromise: Remote attackers can execute arbitrary code in the context of the affected user

recomended-action-logoRecommended Actions

Currently we are unaware of any vendor supplied patch for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)
ID 42495
Created Jun 14, 2016
Updated Aug 29, 2018
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
Default Action drop
Active
Affected OS Linux, BSD
Affected App Other