Lucene search

DellCVELIST:CVE-2019-3712

HistoryMar 07, 2019 - 7:00 p.m.

CVE-2019-3712 DSA-2019-039: Dell Wyse Device Agent Buffer Overflow Vulnerability

2019-03-0719:00:00

dell

www.cve.org

CVSS3

8.2

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L

EPSS

0.001

Percentile

44.6%

JSON

Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability. An unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on the system with privileges of the FTP client by sending specially crafted input data to the affected system. The FTP code that contained the vulnerability has been removed.

CNA Affected

[
  {
    "product": "Wyse Device Agent",
    "vendor": "Dell",
    "versions": [
      {
        "lessThanOrEqual": "14.1.2.9",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Wyse ThinLinux HAgent",
    "vendor": "Dell",
    "versions": [
      {
        "lessThanOrEqual": "5.4.55 00.10",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/107376

www.dell.com/support/article/us/en/19/sln316391

CVSS3

8.2

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L

EPSS

0.001

Percentile

44.6%

JSON

Related for CVELIST:CVE-2019-3712