Serious Vulnerabilities Found in Kace K1000 Appliance

Several vulnerabilities have been found and patched in the Kace K1000 systems management appliance from Quest.

The impacted appliance allows enterprises to manage their network-connected devices, including inventorying hardware and software, patching applications and operating systems, and ensuring software license compliance. The product was at one point offered by Dell, which acquired Quest in 2012 and sold it to Francisco Partners and Elliott Management Corporation in 2016.

According to an advisory published by the CERT Coordination Center (CERT/CC) at Carnegie Mellon University, the Kace K1000 appliance is affected by several vulnerabilities and configuration issues found by researcher Kapil Khot.

Khot discovered several blind SQL injection flaws, collectively tracked as CVE-2018-5404, that allow a remote, authenticated attacker with “User Console Only” privileges to obtain data from the application’s database, including sensitive information.

An attacker with the same privileges can also inject arbitrary JavaScript code into the tickets page (CVE-2018-5405). This can allow the attacker to hijack legitimate sessions, including an administrator's.

“Script execution could allow a malicious user of the system to steal session cookies of other users including Administrator and take over their session. This can further be exploited to launch other attacks,” CERT/CC said in its advisory. “The software also does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.”

The researcher also found that a remote and unauthenticated attacker could conduct actions such as adding a new admin account or changing the appliance’s settings by exploiting a misconfiguration related to the Cross-Origin Resource Sharing (CORS) mechanism. This issue is tracked as CVE-2018-5406.

The issues have been fixed with the release of a patch, SEC2018_20180410, which is included in version 9.0.270 and later, CERT/CC said. Quest customers can obtain additional information from the vendor’s advisory (registration required for full details).

Last year, Core Security reported discovering a total of more than 60 vulnerabilities in disk backup and system management appliances from Quest, including Kace appliances. The vendor released patches at the time, but threatened to take legal action against Core if it disclosed too many details.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
