Insecure configuration in Dell Wyse ThinOS

#VU49115 Insecure configuration in Dell Wyse ThinOS

Published: 2020-12-21

Vulnerability identifier: #VU49115

Vulnerability risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-29492

CWE-ID: CWE-16

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Dell Wyse ThinOS
Hardware solutions / Firmware

Vendor: Dell

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insecure default configuration. A remote non-authenticated attacker can modify configuration of any target specific station.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Dell Wyse ThinOS: 8.3.0 - 8.6_511

External links
http://www.dell.com/support/kbdoc/cs-cz/000180768/dsa-2020-281

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell Wyse ThinOS