Lucene search

DellCVE-2022-34402

HistoryOct 10, 2022 - 9:15 p.m.

CVE-2022-34402

2022-10-1021:15:11

CWE-1333

dell

web.nvd.nist.gov

cve-2022-34402

dell

wyse

thinos

2205

regular expression

dos

vulnerability

nvd

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON

Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. An admin privilege attacker could potentially exploit this vulnerability, leading to denial-of-service.

Affected configurations

Nvd

Node

dellwyse_thinosRange<9.3.2102

AND

delllatitude_3420Match-

delloptiplex_3000_thin_clientMatch-

dellwyse_3040_thin_clientMatch-

dellwyse_5070_thin_clientMatch-

dellwyse_5470_all-in-one_thin_clientMatch-

dellwyse_5470_mobile_thin_clientMatch-

VendorProductVersionCPE
dellwyse_thinos*cpe:2.3:o:dell:wyse_thinos:*:*:*:*:*:*:*:*
delllatitude_3420-cpe:2.3:h:dell:latitude_3420:-:*:*:*:*:*:*:*
delloptiplex_3000_thin_client-cpe:2.3:h:dell:optiplex_3000_thin_client:-:*:*:*:*:*:*:*
dellwyse_3040_thin_client-cpe:2.3:h:dell:wyse_3040_thin_client:-:*:*:*:*:*:*:*
dellwyse_5070_thin_client-cpe:2.3:h:dell:wyse_5070_thin_client:-:*:*:*:*:*:*:*
dellwyse_5470_all-in-one_thin_client-cpe:2.3:h:dell:wyse_5470_all-in-one_thin_client:-:*:*:*:*:*:*:*
dellwyse_5470_mobile_thin_client-cpe:2.3:h:dell:wyse_5470_mobile_thin_client:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	wyse_thinos	*	cpe:2.3:o:dell:wyse_thinos::::::::
dell	latitude_3420	-	cpe:2.3:h:dell:latitude_3420:-:::::::*
dell	optiplex_3000_thin_client	-	cpe:2.3:h:dell:optiplex_3000_thin_client:-:::::::*
dell	wyse_3040_thin_client	-	cpe:2.3:h:dell:wyse_3040_thin_client:-:::::::*
dell	wyse_5070_thin_client	-	cpe:2.3:h:dell:wyse_5070_thin_client:-:::::::*
dell	wyse_5470_all-in-one_thin_client	-	cpe:2.3:h:dell:wyse_5470_all-in-one_thin_client:-:::::::*
dell	wyse_5470_mobile_thin_client	-	cpe:2.3:h:dell:wyse_5470_mobile_thin_client:-:::::::*

CNA Affected

[
  {
    "vendor": "Dell",
    "product": "Wyse Proprietary OS (Modern ThinOS)",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "ThinOS 2208",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000203376/dsa-2022-247-dell-wyse-thinos-security-update-for-a-regular-expression-vulnerability

Social References

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON

Related for CVE-2022-34402