DSA-2022-035: Dell Wyse Device Agent Security Update for Multiple Vulnerabilities
Summary: Dell Wyse Device Agent remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Αυτό το άρθρο ισχύει για
Αυτό το άρθρο δεν ισχύει για
Αυτό το άρθρο δεν συνδέεται με κάποιο συγκεκριμένο προϊόν.
Δεν προσδιορίζονται όλες οι εκδόσεις προϊόντων σε αυτό το άρθρο.
Impact
Medium
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-23156 | Wyse Device Agent version 14.6.1.4 and below contains an Improper Authentication vulnerability. A malicious user may potentially exploit this vulnerability by providing invalid input to obtain a connection to WMS server. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| CVE-2022-23158 | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with admin privilege may potentially exploit this vulnerability and provide incorrect port information and get connected to valid WMS server | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| CVE-2022-23157 | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. An authenticated malicious user may potentially exploit this vulnerability to view sensitive information from the WMS Server | 4.4 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-23156 | Wyse Device Agent version 14.6.1.4 and below contains an Improper Authentication vulnerability. A malicious user may potentially exploit this vulnerability by providing invalid input to obtain a connection to WMS server. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| CVE-2022-23158 | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with admin privilege may potentially exploit this vulnerability and provide incorrect port information and get connected to valid WMS server | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| CVE-2022-23157 | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. An authenticated malicious user may potentially exploit this vulnerability to view sensitive information from the WMS Server | 4.4 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Επηρεαζόμενα προϊόντα και αποκατάσταση
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell Wyse Device Agent | 14.6.1.4 and earlier | 14.6.2.13 | Dell Wyse Device Agent |
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell Wyse Device Agent | 14.6.1.4 and earlier | 14.6.2.13 | Dell Wyse Device Agent |
Revision History
| Revision | Date | Description |
| 1.0 | 2022-2-17 | Initial Release |
Related Information
Νομική αποποίηση ευθύνης
Επηρεαζόμενα προϊόντα
Product Security Information, Wyse Management SuiteΙδιότητες άρθρου
Article Number: 000196005
Article Type: Dell Security Advisory
Τελευταία τροποποίηση: 17 Φεβ 2022
Βρείτε απαντήσεις στις ερωτήσεις σας από άλλους χρήστες της Dell
Υπηρεσίες υποστήριξης
Ελέγξτε αν η συσκευή σας καλύπτεται από τις Υπηρεσίες υποστήριξης.