CNNVD-202508-389 Information

Aug 05, 2025 cve

CNNVD ID

CNNVD-202508-389

CVE-2014-125113

CNNVD Published: 2025-08-05

Description (Chinese)

Dell KACE K1000 System Management Appliance是美国戴尔（Dell）公司的一款用于IT系统和资产管理的工具。 Dell KACE K1000 System Management Appliance 5.0至5.3版本、5.4 5.4.76849之前版本和5.5 5.5.90547之前版本存在安全漏洞，该漏洞源于未验证上传文件类型，可能导致任意文件上传和远程代码执行。

Description (English)

Dell KACE K1000 System Management Application is an IT system and asset management tool for Dell Corporation in the United States. Dell K1000 Systems Management Application 5.0-5.3, 5.4 5.4.76849 and 5.5.5.90547 have security gaps, which stem from the unverified type of uploading file and may lead to any uploading and remote code execution.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

戴尔

Published

2025-08-05

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories/dell-quest-kace-k1000-unauth-file-upload-rce http://console-cowboys.blogspot.com/2014/03/the-curious-case-of-ninjamonkeypiratela.html https://www.exploit-db.com/exploits/39693 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/ https://access.redhat.com/security/cve/cve-2014-125113

Share on: