DSA-2021-069: Dell Wyse ThinOS 8.6 Security Update for an Improper Management Server Validation Vulnerability

Summary: Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that may potentially be exploited to redirect a client to an attacker-controlled management server, thus allowing the attacker to change the device configuration or certificate file. ...

Impact

Medium

Details

| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| --- | --- | --- | --- |
| CVE-2021-21532 | Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management server, thus allowing the attacker to change the device configuration or certificate file. | 5.6 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

The following is a list of impacted products and remediations. Customers should use the latest releases available which use secure default configurations.
 
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
| --- | --- | --- | --- |
| Dell Wyse 3040 Thin Client (ENG) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 3040 Thin Client (ENG) |
| Dell Wyse 3040 Thin Client (JPN) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 3040 Thin Client (JPN) |
| Dell Wyse 3040 Thin Client with PCoIP (ENG) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 3040 Thin Client with PCoIP (ENG) |
| Dell Wyse 3040 Thin Client with PCoIP (JPN) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 3040 Thin Client with PCoIP (JPN) |
| Dell Wyse 5010 Thin Client (ENG) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 5010 Thin Client (ENG) |
| Dell Wyse 5010 Thin Client (JPN) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 5010 Thin Client (JPN) |
| Dell Wyse 5010 Thin Client with PCoIP (ENG) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 5010 Thin Client with PCoIP (ENG) |
| Dell Wyse 5010 Thin Client with PCoIP (JPN) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 5010 Thin Client with PCoIP (JPN) |
| Dell Wyse 5040 Thin Client (ENG) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 5040 Thin Client (ENG) |
| Dell Wyse 5040 Thin Client (JPN) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 5040 Thin Client (JPN) |
| Dell Wyse 5040 Thin Client with PCoIP (ENG) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 5040 Thin Client with PCoIP (ENG) |
| Dell Wyse 5040 Thin Client with PCoIP (JPN) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 5040 Thin Client with PCoIP (JPN) |
| Dell Wyse 5060 Thin Client (ENG) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 5060 Thin Client (ENG) |
| Dell Wyse 5060 Thin Client (JPN) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 5060 Thin Client (JPN) |
| Dell Wyse 5060 Thin Client with PCoIP (ENG) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 5060 Thin Client with PCoIP (ENG) |
| Dell Wyse 5060 Thin Client with PCoIP (JPN) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 5060 Thin Client with PCoIP (JPN) |
| Dell Wyse 5070 Thin Client (ENG) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 5070 Thin Client (ENG) |
| Dell Wyse 5070 Thin Client (JPN) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 5070 Thin Client (JPN) |
| Dell Wyse 5070 Thin Client with PCoIP (ENG) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 5070 Thin Client with PCoIP (ENG) |
| Dell Wyse 5070 Thin Client with PCoIP (JPN) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 5070 Thin Client with PCoIP (JPN) |
| Dell Wyse 5470 AIO Thin Client (ENG) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 5470 AIO Thin Client (ENG) |
| Dell Wyse 5470 AIO Thin Client (JPN) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 5470 AIO Thin Client (JPN) |
| Dell Wyse 5470 AIO Thin Client with PCoIP (ENG) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 5470 AIO Thin Client with PCoIP (EN) |
| Dell Wyse 5470 AIO Thin Client with PCoIP (JPN) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 5470 AIO Thin Client with PCoIP (JPN) |
| Dell Wyse 5470 Thin Client (ENG) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 5470 Thin Client (ENG) |
| Dell Wyse 5470 Thin Client (JPN) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 5470 Thin Client (JPN) |
| Dell Wyse 5470 Thin Client with PCoIP (ENG) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 5470 Thin Client with PCoIP (ENG) |
| Dell Wyse 5470 Thin Client with PCoIP (JPN) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 5470 Thin Client with PCoIP (JPN) |
| Dell Wyse 7010 Thin Client (EN) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 7010 Thin Client (ENG) |
| Dell Wyse 7010 thin client (JPN) | Versions prior to 8.6 MR9 | 8.6 MR9 | Dell Wyse 7010 thin client (JPN) |

Revision History

| Revision | Date | Description |
| --- | --- | --- |
| 1.0 | 2021-3-31 | Initial Release |

Acknowledgements

Dell would like to thank Emanuel Rodrigues for reporting this issue.

Affected Products

Wyse ThinOS