CVE-2023-33254
First published: Sun May 21 2023(Updated: )
There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an attacker-controlled LDAP server, clicks the Test Settings button, and captures the cleartext credentials.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Quest Kace Systems Deployment Appliance | =9.0.146 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2023-33254.
What is the severity of CVE-2023-33254?
The severity of CVE-2023-33254 is medium with a score of 6.5.
What is the affected software of CVE-2023-33254?
The affected software of CVE-2023-33254 is Quest KACE Systems Deployment Appliance version 9.0.146.
How can an attacker exploit CVE-2023-33254?
An authenticated attacker can exploit CVE-2023-33254 by editing the user-authentication settings to specify an attack.
Is there a fix available for CVE-2023-33254?
Yes, a fix is available for CVE-2023-33254. Please refer to the provided reference link for more details.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/type
- agent/author
- agent/severity
- agent/description
- agent/tags
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- vendor/quest
- canonical/quest kace systems deployment appliance
- version/quest kace systems deployment appliance/9.0.146