Lucene search

DellCVE-2024-42427

HistorySep 10, 2024 - 8:15 a.m.

CVE-2024-42427

2024-09-1008:15:02

CWE-77

dell

web.nvd.nist.gov

dell thinos

command injection

cve-2024-42427

elevation of privileges

vulnerability

CVSS3

7.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

9.6%

JSON

Dell ThinOS versions 2402 and 2405, contains an Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of privileges.

Affected configurations

Vulnrichment

Node

dellwyse_thinosMatch2402

dellwyse_thinosMatch2405

VendorProductVersionCPE
dellwyse_thinos2402cpe:2.3:o:dell:wyse_thinos:2402:*:*:*:*:*:*:*
dellwyse_thinos2405cpe:2.3:o:dell:wyse_thinos:2405:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	wyse_thinos	2402	cpe:2.3:o:dell:wyse_thinos:2402:::::::*
dell	wyse_thinos	2405	cpe:2.3:o:dell:wyse_thinos:2405:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Wyse Proprietary OS (Modern ThinOS)",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "Dell ThinOS 2402"
      },
      {
        "status": "affected",
        "version": "Dell ThinOS 2405"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000228350/dsa-2024-386

CVSS3

7.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

9.6%

JSON

Related for CVE-2024-42427