Lucene search

DellCVELIST:CVE-2022-23155

HistoryFeb 17, 2022 - 12:00 a.m.

CVE-2022-23155

2022-02-1700:00:00

CWE-434

dell

www.cve.org

dell wyse

management suite

file upload

vulnerability

arbitrary code

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.2%

JSON

Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges can exploit this vulnerability in order to execute arbitrary code on the system.

CNA Affected

[
  {
    "product": "Wyse Management Suite",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "3.6",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/000195918

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.2%

JSON

Related for CVELIST:CVE-2022-23155