Lucene search

[email protected]CVE-2022-34402

HistoryOct 10, 2022 - 9:15 p.m.

CVE-2022-34402

2022-10-1021:15:11

CWE-1333

[email protected]

web.nvd.nist.gov

cve-2022-34402

dell

wyse

thinos

2205

regular expression

dos

vulnerability

nvd

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.9%

JSON

Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. An admin privilege attacker could potentially exploit this vulnerability, leading to denial-of-service.

Affected configurations

NVD

Node

dellwyse_thinosRange<9.3.2102

AND

delllatitude_3420Match-

delloptiplex_3000_thin_clientMatch-

dellwyse_3040_thin_clientMatch-

dellwyse_5070_thin_clientMatch-

dellwyse_5470_all-in-one_thin_clientMatch-

dellwyse_5470_mobile_thin_clientMatch-

CPENameOperatorVersion
dell:wyse_thinosdell wyse thinoslt9.3.2102

CPE	Name	Operator	Version
dell:wyse_thinos	dell wyse thinos	lt	9.3.2102

CNA Affected

[
  {
    "vendor": "Dell",
    "product": "Wyse Proprietary OS (Modern ThinOS)",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "ThinOS 2208",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000203376/dsa-2022-247-dell-wyse-thinos-security-update-for-a-regular-expression-vulnerability

Social References

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.9%

JSON

Related for CVE-2022-34402

nvd1 cvelist1 prion1 cnvd1