Lucene search
HistoryJun 19, 2012 - 8:55 p.m.
CVE-2009-0695
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.6 Medium
AI Score
Confidence
Low
0.741 High
EPSS
Percentile
98.1%
hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action.
Affected configurations
Node
dellwyse_device_managerMatch4.7.0
ORdellwyse_device_managerMatch4.7.1
ORdellwyse_device_managerMatch4.7.2
Related
packetstorm
packetstorm
Wyse Rapport Hagent Fake Hserver Command Execution
2009-10-28 00:00:00
Wyse Machine Remote Power Off Denial Of Service
2012-06-14 00:00:00
cvelist
cvelist
CVE-2009-0695
2022-10-03 16:24:10
cve
cve
CVE-2009-0695
2022-10-03 16:24:10
exploitdb
exploitdb
Wyse Rapport Hagent Fake Hserver Command Execution
2010-11-11 00:00:00
prion
prion
Authentication flaw
2012-06-19 20:55:00
nessus
nessus
Wyse Device Manager Buffer Overflow
2009-07-21 00:00:00
cert
cert
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.6 Medium
AI Score
Confidence
Low
0.741 High
EPSS
Percentile
98.1%
Related for NVD:CVE-2009-0695