History: Apr 02, 2021 - 9:20 p.m.

CVE-2021-21532

2021-04-02 21:20:14
CWE-16
dell
www.cve.org
dell wyse thinos
management server validation
vulnerability
exploit
device configuration
certificate file

CVSS3: 5

Attack Vector: ADJACENT
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS: 0.001
Percentile: 25.0%

Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management server, thus allowing the attacker to change the device configuration or certificate file.

CNA Affected

[
  {
    "product": "Wyse Proprietary OS (ThinOS)",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "ThinOS 8.6 MR9",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
