Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

DSA-2021-096: Dell Wyse Windows Embedded System Security Update for an Improper Authorization Vulnerability

Summary: Dell Wyse Windows Embedded System (WIE10 LTSC 2019) Security update contains remediation for an improper authorization vulnerability.

This article applies to   This article does not apply to 
Check out resources for

Impact

Medium

Details

Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2021- 21552 Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the affected system. 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2021- 21552 Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the affected system. 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product Affected Versions Updated Versions Link to Update  

Dell Wyse 5070 Thin Client

Versions WIE10 LTSC 2019 and earlier

Security Update

 Dell Wyse 5070 Thin Client

 

Dell Wyse 5470 Thin Client

Versions WIE10 LTSC 2019 and earlier

Security Update

 Dell Wyse 5470 Thin Client

 

Dell Wyse 5470 All-In-One Thin Client

Versions WIE10 LTSC 2019 and earlier

Security Update

 Dell Wyse 5470 All-In-One Thin Client

  
 
 
Product Affected Versions Updated Versions Link to Update  

Dell Wyse 5070 Thin Client

Versions WIE10 LTSC 2019 and earlier

Security Update

 Dell Wyse 5070 Thin Client

 

Dell Wyse 5470 Thin Client

Versions WIE10 LTSC 2019 and earlier

Security Update

 Dell Wyse 5470 Thin Client

 

Dell Wyse 5470 All-In-One Thin Client

Versions WIE10 LTSC 2019 and earlier

Security Update

 Dell Wyse 5470 All-In-One Thin Client

  
 
 

Revision History

RevisionDateDescription
1.02021-05-11Initial Release

Acknowledgements

Dell would like to thank Alessandro Baldini and Alessio D'Anastasio for reporting this issue.

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

Product Security Information, Wyse 5070 Thin Client, Wyse 5470 All-In-One, Wyse 5470