CVE-2023-33254 - Quest Kace Systems Deployment Appliance

Moderate 6.5

There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an attacker-controlled LDAP server, clicks the Test Settings button, and captures the cleartext credentials.

Affected software

Quest Kace Systems Deployment Appliance

Reference links

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.