CVE-2014-1671: Multiple SQL injection vulnerabilities in Dell KACE K1000 (version 5.4.76847 and possibly earlier) allow remote attackers or remote authenticated users to execute arbitrary SQL commands via input in several endpoints: the macAddress field in the getUploadPath or getKBot SOAP requests to service/kbot_service.php; the ID parameter in userui/advisory_detail.php or userui/ticket.php; and the ORDER[] parameter in userui/ticket_list.php.


Description Preview

Dell KACE K1000 versions 5.4.76847 and, potentially, earlier releases contain multiple SQL injection vulnerabilities that can be exploited by remote attackers or remote authenticated users to run arbitrary SQL commands against the backend database. The weaknesses arise in input handling for specific endpoints: the macAddress element in the getUploadPath or getKBot SOAP requests to service/kbot_service.php; the ID parameter in userui/advisory_detail.php or userui/ticket.php; and the ORDER[] parameter to userui/ticket_list.php. Successful exploitation can lead to unauthorized data access, modification, or other impacts typical of SQL injection. The CVE identifier for this issue is CVE-2014-1671. Related advisories and references include Secunia 56396, IBM X-Force vulnerability 90592, the Dell/BAE Detica advisory DS-2014-001, and BID 65029.

Overview

This CVE describes multiple SQL injection flaws in Dell KACE K1000 affecting the web-facing and SOAP endpoints, which can be exploited to execute SQL commands via crafted input in several parameters. The vulnerabilities potentially affect remote attackers or remote authenticated users, depending on the exposed interfaces, and threaten confidentiality, integrity, and availability of data managed by the K1000 appliance.

Remediation

  • Apply the vendor-provided patch or upgrade to the latest Dell KACE K1000 version that addresses DS-2014-001; confirm with Dell that the version you deploy contains the fix for CVE-2014-1671.
  • If an immediate upgrade is not possible, implement compensating controls:
    • Restrict network access to the affected endpoints (e.g., kbot_service.php, advisory_detail.php, ticket.php, ticket_list.php) to trusted networks or via VPN.
    • Disable or harden the affected SOAP and web UI endpoints if feasible, or place them behind additional authentication/authorization checks.
    • Deploy a web application firewall or IDS/IPS with rules to detect and block SQL injection payloads targeting these endpoints.
    • Ensure input validation and use of parameterized queries in any custom code or third-party modules; review and sanitize all user-supplied data.
  • Harden authentication and access controls; rotate credentials for administrative accounts after patching.
  • Monitor and alert on unusual activity targeting the affected endpoints (e.g., unexpected SQL-like payloads, requests with anomalous macAddress, ID, or ORDER[] values).
  • Test remediation in a staging environment by attempting known payloads to confirm that the vulnerabilities are mitigated.
  • Establish a maintenance plan to keep systems up to date with security fixes.
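As an added example (not code from the page, from Dell, or from the K1000 product), the check below applies the validation rules the remediation list describes to constructed web access-log lines: ID must be numeric, macAddress must be a well-formed MAC, and ORDER[] must name an allowlisted sort column, since an ORDER BY column cannot be bound as a query parameter and must be allowlisted instead. The endpoint paths come from the advisory; the column names, log format and log lines are assumptions.

```python
import re
from urllib.parse import parse_qs, urlparse

# Hypothetical allowlists; real column names would come from the application schema.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")
ID_RE = re.compile(r"^\d{1,10}$")
ALLOWED_ORDER = {"id", "title", "created", "modified", "status"}

# Endpoints named in CVE-2014-1671 and the parameter each one must validate.
# None means "check against ALLOWED_ORDER" rather than a regex.
VULN_ENDPOINTS = {
    "/service/kbot_service.php": {"macAddress": MAC_RE},
    "/userui/advisory_detail.php": {"ID": ID_RE},
    "/userui/ticket.php": {"ID": ID_RE},
    "/userui/ticket_list.php": {"ORDER[]": None},
}

def validate(endpoint, name, value):
    """True if value is acceptable for parameter name on endpoint (or out of scope)."""
    rules = VULN_ENDPOINTS.get(endpoint)
    if rules is None or name not in rules:
        return True
    rule = rules[name]
    if rule is None:
        return value.lower() in ALLOWED_ORDER
    return rule.fullmatch(value) is not None

# Combined-format access log: client, ident, user, [time], "METHOD target HTTP/x", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def scan_access_log(lines):
    """Return (client, endpoint, param, value) for requests that fail validation."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, url = m.group(1), urlparse(m.group(2))
        if url.path not in VULN_ENDPOINTS:
            continue
        for name, values in parse_qs(url.query, keep_blank_values=True).items():
            for value in values:
                if not validate(url.path, name, value):
                    findings.append((client, url.path, name, value))
    return findings

# Constructed sample log lines (not real traffic); 198.51.100.7 sends two anomalous values.
SAMPLE_LOG = [
    '10.0.0.5 - - [20/Jan/2014:10:00:01 +0000] "GET /userui/ticket.php?ID=42 HTTP/1.1" 200 512',
    '10.0.0.5 - - [20/Jan/2014:10:00:02 +0000] "GET /userui/ticket_list.php?ORDER%5B%5D=title HTTP/1.1" 200 2048',
    '198.51.100.7 - - [20/Jan/2014:10:00:03 +0000] "GET /userui/advisory_detail.php?ID=7%27 HTTP/1.1" 500 0',
    '198.51.100.7 - - [20/Jan/2014:10:00:04 +0000] "GET /userui/ticket_list.php?ORDER%5B%5D=1%3D1 HTTP/1.1" 200 2048',
    '10.0.0.9 - - [20/Jan/2014:10:00:05 +0000] "GET /adminui/home.php HTTP/1.1" 200 100',
]
```

The SOAP macAddress field arrives in a POST body rather than the query string, so the kbot_service.php rule only fires where the body (or a WAF's parsed view of it) is fed to validate().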

Industry Exposure (most to least)

This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Accommodation & Food Services: Low
  2. Administrative, Support, Waste Management & Remediation Services: Low
  3. Agriculture, Forestry, Fishing & Hunting: Low
  4. Arts, Entertainment & Recreation: Low
  5. Construction: Low
  6. Educational Services: Low
  7. Finance and Insurance: Low
  8. Health Care & Social Assistance: Low
  9. Information: Low
  10. Management of Companies & Enterprises: Low
  11. Manufacturing: Low
  12. Mining: Low
  13. Other Services (except Public Administration): Low
  14. Professional, Scientific, & Technical Services: Low
  15. Public Administration: Low
  16. Real Estate Rental & Leasing: Low
  17. Retail Trade: Low
  18. Transportation & Warehousing: Low
  19. Utilities: Low
  20. Wholesale Trade: Low
