Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability. A malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.
References
| Link | Resource |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/000215864/dsa-2023-247 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
28 Jul 2023, 16:47
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-532 | |
| CPE | cpe:2.3:h:dell:wyse_3040_thin_client:-:*:*:*:*:*:*:* cpe:2.3:h:dell:optiplex_3000_thin_client:-:*:*:*:*:*:*:* cpe:2.3:o:dell:wyse_thinos:*:*:*:*:*:*:*:* cpe:2.3:h:dell:latitude_5440:-:*:*:*:*:*:*:* cpe:2.3:h:dell:wyse_5470_all-in-one_thin_client:-:*:*:*:*:*:*:* cpe:2.3:h:dell:latitude_3440:-:*:*:*:*:*:*:* cpe:2.3:h:dell:wyse_5470_mobile_thin_client:-:*:*:*:*:*:*:* cpe:2.3:h:dell:wyse_5070_thin_client:-:*:*:*:*:*:*:* cpe:2.3:h:dell:optiplex_5400:-:*:*:*:*:*:*:* cpe:2.3:h:dell:latitude_3420:-:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
| References | (MISC) https://www.dell.com/support/kbdoc/en-us/000215864/dsa-2023-247 - Vendor Advisory | |
| First Time |
Dell
Dell wyse 3040 Thin Client Dell wyse 5070 Thin Client Dell latitude 5440 Dell latitude 3420 Dell optiplex 3000 Thin Client Dell wyse 5470 Mobile Thin Client Dell wyse 5470 All-in-one Thin Client Dell latitude 3440 Dell wyse Thinos Dell optiplex 5400 |
20 Jul 2023, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-07-20 13:15
Updated : 2023-07-28 16:47
NVD link : CVE-2023-32447
Mitre link : CVE-2023-32447
JSON object : View
Products Affected
dell
- optiplex_5400
- wyse_thinos
- latitude_3420
- latitude_3440
- latitude_5440
- wyse_5470_mobile_thin_client
- wyse_3040_thin_client
- optiplex_3000_thin_client
- wyse_5070_thin_client
- wyse_5470_all-in-one_thin_client
CWE
CWE-532
Insertion of Sensitive Information into Log File