Lucene search

DellCVE-2022-33928

HistoryAug 10, 2022 - 5:15 p.m.

CVE-2022-33928

2022-08-1017:15:08

CWE-256

CWE-312

dell

web.nvd.nist.gov

cve-2022-33928

dell wyse management suite

plain-text password storage

vulnerability

credentials disclosure

security flaw

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

34.0%

JSON

Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Affected configurations

Nvd

Vulners

Node

dellwyse_management_suiteRange<3.8.0

VendorProductVersionCPE
dellwyse_management_suite*cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	wyse_management_suite	*	cpe:2.3:a:dell:wyse_management_suite::::::::

CNA Affected

[
  {
    "product": "Wyse Management Suite",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "3.7",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000201383/dsa-2022-134-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities

Social References

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

34.0%

JSON

Related for CVE-2022-33928