Insecure configuration in Dell Wyse ThinOS

#VU49116 Insecure configuration in Dell Wyse ThinOS

Published: 2020-12-21

Vulnerability identifier: #VU49116

Vulnerability risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-29491

CWE-ID: CWE-16

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Dell Wyse ThinOS
Hardware solutions / Firmware

Vendor: Dell

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insecure default configuration. A remote non-authenticated attacker can gain access to sensitive information and compromise affected thin clients.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Dell Wyse ThinOS: 8.6_019 - 8.6_511

External links
http://www.dell.com/support/kbdoc/cs-cz/000180768/dsa-2020-281

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell Wyse ThinOS