Vulnerability Information
Vulnerability Title
The Quest Kace K1000 Appliance misconfigures the Cross-Origin Resource Sharing (CORS) mechanism.
Vulnerability Description
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive actions such as adding a new administrator account or changing the appliance's settings. A malicious internal user could also gain administrator privileges of this appliance and use it to visit a malicious link that exploits this vulnerability, causing the application to perform the same sensitive actions.
CVSS Information
N/A
Vulnerability Type
Improper Access Control
Vulnerability Title
Quest Software Kace K1000 Appliance permissions and access control vulnerability
Vulnerability Description
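Quest Software Kace K1000 Appliance is a systems management appliance from Quest Software, a US company. The product is mainly used for software license management, patch and endpoint security management, software distribution, and server monitoring. Versions of Quest Kace K1000 Appliance prior to 9.0.270 contain a permissions and access control vulnerability, which stems from the program not configuring the CORS mechanism correctly. An attacker could exploit this vulnerability to perform sensitive actions, for example adding an administrator account or changing the appliance's configuration.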
CVSS Information
N/A
Vulnerability Type
N/A