DSA-2022-035: Dell Wyse Device Agent Security Update for Multiple Vulnerabilities
Resumen: Dell Wyse Device Agent remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Este artículo se aplica a
Este artículo no se aplica a
Este artículo no está vinculado a ningún producto específico.
No se identifican todas las versiones del producto en este artículo.
Impacto
Medium
Detalles
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-23156 | Wyse Device Agent version 14.6.1.4 and below contains an Improper Authentication vulnerability. A malicious user may potentially exploit this vulnerability by providing invalid input to obtain a connection to WMS server. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| CVE-2022-23158 | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with admin privilege may potentially exploit this vulnerability and provide incorrect port information and get connected to valid WMS server | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| CVE-2022-23157 | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. An authenticated malicious user may potentially exploit this vulnerability to view sensitive information from the WMS Server | 4.4 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-23156 | Wyse Device Agent version 14.6.1.4 and below contains an Improper Authentication vulnerability. A malicious user may potentially exploit this vulnerability by providing invalid input to obtain a connection to WMS server. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| CVE-2022-23158 | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with admin privilege may potentially exploit this vulnerability and provide incorrect port information and get connected to valid WMS server | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| CVE-2022-23157 | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. An authenticated malicious user may potentially exploit this vulnerability to view sensitive information from the WMS Server | 4.4 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Corrección y productos afectados
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell Wyse Device Agent | 14.6.1.4 and earlier | 14.6.2.13 | Dell Wyse Device Agent |
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell Wyse Device Agent | 14.6.1.4 and earlier | 14.6.2.13 | Dell Wyse Device Agent |
Historial de revisiones
| Revision | Date | Description |
| 1.0 | 2022-2-17 | Initial Release |
Información relacionada
Descargo de responsabilidad
Productos afectados
Product Security Information, Wyse Management SuitePropiedades del artículo
Número del artículo: 000196005
Tipo de artículo: Dell Security Advisory
Última modificación: 17 feb 2022
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.