Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000186134


DSA-2021-096: Dell Wyse Windows Embedded System Security Update for an Improper Authorization Vulnerability

Summary: Dell Wyse Windows Embedded System (WIE10 LTSC 2019) Security update contains remediation for an improper authorization vulnerability.

Article Content


Impact

Medium

Details

Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2021- 21552 Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the affected system. 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2021- 21552 Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the affected system. 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product Affected Versions Updated Versions Link to Update  

Dell Wyse 5070 Thin Client

Versions WIE10 LTSC 2019 and earlier

Security Update

 Dell Wyse 5070 Thin Client

 

Dell Wyse 5470 Thin Client

Versions WIE10 LTSC 2019 and earlier

Security Update

 Dell Wyse 5470 Thin Client

 

Dell Wyse 5470 All-In-One Thin Client

Versions WIE10 LTSC 2019 and earlier

Security Update

 Dell Wyse 5470 All-In-One Thin Client

 
 
 
Product Affected Versions Updated Versions Link to Update  

Dell Wyse 5070 Thin Client

Versions WIE10 LTSC 2019 and earlier

Security Update

 Dell Wyse 5070 Thin Client

 

Dell Wyse 5470 Thin Client

Versions WIE10 LTSC 2019 and earlier

Security Update

 Dell Wyse 5470 Thin Client

 

Dell Wyse 5470 All-In-One Thin Client

Versions WIE10 LTSC 2019 and earlier

Security Update

 Dell Wyse 5470 All-In-One Thin Client

 
 
 
Acknowledgements

Dell would like to thank Alessandro Baldini and Alessio D'Anastasio for reporting this issue.

Revision History

RevisionDateDescription
1.02021-05-11Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties


Affected Product

Product Security Information, Wyse 5070 Thin Client, Wyse 5470 All-In-One, Wyse 5470

Last Published Date

18 Jun 2021

Version

3

Article Type

Dell Security Advisory