Lucene search

[email protected]NVD:CVE-2022-33927

HistoryAug 10, 2022 - 5:15 p.m.

CVE-2022-33927

2022-08-1017:15:08

CWE-384

[email protected]

web.nvd.nist.gov

dell wyse management suite

session fixation

vulnerability

unauthenticated attacker

user session hijack

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

33.2%

JSON

Dell Wyse Management Suite 3.6.1 and below contains a Session Fixation vulnerability. A unauthenticated attacker could exploit this by taking advantage of a user with multiple active sessions in order to hijack a user’s session.

Affected configurations

Nvd

Node

dellwyse_management_suiteRange<3.8.0

VendorProductVersionCPE
dellwyse_management_suite*cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	wyse_management_suite	*	cpe:2.3:a:dell:wyse_management_suite::::::::

References

www.dell.com/support/kbdoc/en-us/000201383/dsa-2022-134-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

33.2%

JSON

Related for NVD:CVE-2022-33927

cve1 cnvd1 cvelist1 prion1 nessus1