Lucene search

DellCVE-2023-32455

HistoryJul 20, 2023 - 1:15 p.m.

CVE-2023-32455

2023-07-2013:15:11

CWE-312

CWE-532

dell

web.nvd.nist.gov

cve-2023-32455

dell

wyse

thinos

vulnerability

information disclosure

nvd

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

Percentile

5.1%

JSON

Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.

Affected configurations

Nvd

Node

dellwyse_thinosRange≤9.3.2102

AND

delllatitude_3420Match-

delllatitude_3440Match-

delllatitude_5440Match-

delloptiplex_3000_thin_clientMatch-

delloptiplex_5400Match-

dellwyse_3040_thin_clientMatch-

dellwyse_5070_thin_clientMatch-

dellwyse_5470_all-in-one_thin_clientMatch-

dellwyse_5470_mobile_thin_clientMatch-

VendorProductVersionCPE
dellwyse_thinos*cpe:2.3:o:dell:wyse_thinos:*:*:*:*:*:*:*:*
delllatitude_3420-cpe:2.3:h:dell:latitude_3420:-:*:*:*:*:*:*:*
delllatitude_3440-cpe:2.3:h:dell:latitude_3440:-:*:*:*:*:*:*:*
delllatitude_5440-cpe:2.3:h:dell:latitude_5440:-:*:*:*:*:*:*:*
delloptiplex_3000_thin_client-cpe:2.3:h:dell:optiplex_3000_thin_client:-:*:*:*:*:*:*:*
delloptiplex_5400-cpe:2.3:h:dell:optiplex_5400:-:*:*:*:*:*:*:*
dellwyse_3040_thin_client-cpe:2.3:h:dell:wyse_3040_thin_client:-:*:*:*:*:*:*:*
dellwyse_5070_thin_client-cpe:2.3:h:dell:wyse_5070_thin_client:-:*:*:*:*:*:*:*
dellwyse_5470_all-in-one_thin_client-cpe:2.3:h:dell:wyse_5470_all-in-one_thin_client:-:*:*:*:*:*:*:*
dellwyse_5470_mobile_thin_client-cpe:2.3:h:dell:wyse_5470_mobile_thin_client:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	wyse_thinos	*	cpe:2.3:o:dell:wyse_thinos::::::::
dell	latitude_3420	-	cpe:2.3:h:dell:latitude_3420:-:::::::*
dell	latitude_3440	-	cpe:2.3:h:dell:latitude_3440:-:::::::*
dell	latitude_5440	-	cpe:2.3:h:dell:latitude_5440:-:::::::*
dell	optiplex_3000_thin_client	-	cpe:2.3:h:dell:optiplex_3000_thin_client:-:::::::*
dell	optiplex_5400	-	cpe:2.3:h:dell:optiplex_5400:-:::::::*
dell	wyse_3040_thin_client	-	cpe:2.3:h:dell:wyse_3040_thin_client:-:::::::*
dell	wyse_5070_thin_client	-	cpe:2.3:h:dell:wyse_5070_thin_client:-:::::::*
dell	wyse_5470_all-in-one_thin_client	-	cpe:2.3:h:dell:wyse_5470_all-in-one_thin_client:-:::::::*
dell	wyse_5470_mobile_thin_client	-	cpe:2.3:h:dell:wyse_5470_mobile_thin_client:-:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Wyse Proprietary OS (Modern ThinOS)",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "2208 (9.3.2102) and below "
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000215864/dsa-2023-247

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-32455