Lucene search
HistoryOct 03, 2022 - 4:24 p.m.
CVE-2009-0695
cve-2009-0695
wyse device manager
wdm 4.7.x
authentication bypass
remote attack
management access
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.7 Medium
AI Score
Confidence
Low
0.741 High
EPSS
Percentile
98.1%
hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action.
Affected configurations
Node
dellwyse_device_managerMatch4.7.0
ORdellwyse_device_managerMatch4.7.1
ORdellwyse_device_managerMatch4.7.2
Related
packetstorm
packetstorm
Wyse Rapport Hagent Fake Hserver Command Execution
2009-10-28 00:00:00
Wyse Machine Remote Power Off Denial Of Service
2012-06-14 00:00:00
cvelist
cvelist
CVE-2009-0695
2022-10-03 16:24:10
exploitdb
exploitdb
Wyse Rapport Hagent Fake Hserver Command Execution
2010-11-11 00:00:00
prion
prion
Authentication flaw
2012-06-19 20:55:00
nvd
nvd
CVE-2009-0695
2012-06-19 20:55:02
nessus
nessus
Wyse Device Manager Buffer Overflow
2009-07-21 00:00:00
cert
cert
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.7 Medium
AI Score
Confidence
Low
0.741 High
EPSS
Percentile
98.1%
Related for CVE-2009-0695