Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.
References
| Link | Resource |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/000215864/dsa-2023-247 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
28 Jul 2023, 16:48
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Dell
Dell wyse 3040 Thin Client Dell wyse 5070 Thin Client Dell latitude 5440 Dell latitude 3420 Dell optiplex 3000 Thin Client Dell wyse 5470 Mobile Thin Client Dell wyse 5470 All-in-one Thin Client Dell latitude 3440 Dell wyse Thinos Dell optiplex 5400 |
|
| References | (MISC) https://www.dell.com/support/kbdoc/en-us/000215864/dsa-2023-247 - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
| CPE | cpe:2.3:h:dell:wyse_3040_thin_client:-:*:*:*:*:*:*:* cpe:2.3:h:dell:optiplex_3000_thin_client:-:*:*:*:*:*:*:* cpe:2.3:h:dell:latitude_5440:-:*:*:*:*:*:*:* cpe:2.3:h:dell:wyse_5470_all-in-one_thin_client:-:*:*:*:*:*:*:* cpe:2.3:o:dell:wyse_thinos:9.4.1141:*:*:*:*:*:*:* cpe:2.3:h:dell:latitude_3440:-:*:*:*:*:*:*:* cpe:2.3:h:dell:wyse_5470_mobile_thin_client:-:*:*:*:*:*:*:* cpe:2.3:h:dell:wyse_5070_thin_client:-:*:*:*:*:*:*:* cpe:2.3:h:dell:optiplex_5400:-:*:*:*:*:*:*:* cpe:2.3:h:dell:latitude_3420:-:*:*:*:*:*:*:* |
|
| CWE | CWE-532 |
20 Jul 2023, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-07-20 13:15
Updated : 2023-07-28 16:48
NVD link : CVE-2023-32446
Mitre link : CVE-2023-32446
JSON object : View
Products Affected
dell
- optiplex_5400
- wyse_thinos
- latitude_3420
- latitude_3440
- latitude_5440
- wyse_5470_mobile_thin_client
- wyse_3040_thin_client
- optiplex_3000_thin_client
- wyse_5070_thin_client
- wyse_5470_all-in-one_thin_client
CWE
CWE-532
Insertion of Sensitive Information into Log File