Lucene search

DellVULNRICHMENT:CVE-2024-28963

HistoryApr 24, 2024 - 7:54 a.m.

CVE-2024-28963

2024-04-2407:54:11

CWE-200

dell

github.com

telemetry

dell thinos

information disclosure

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability to read sensitive proxy settings information.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:dell:wyse_thinos:*:*:*:*:*:*:*:*"
    ],
    "vendor": "dell",
    "product": "wyse_thinos",
    "versions": [
      {
        "status": "affected",
        "version": "*"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.dell.com/support/kbdoc/en-us/000224317/dsa-2024-170

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-28963