Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products

DSA-2021-096: Dell Wyse Windows Embedded System Security Update for an Improper Authorization Vulnerability

Summary: Dell Wyse Windows Embedded System (WIE10 LTSC 2019) Security update contains remediation for an improper authorization vulnerability.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Impact

Medium

Details

Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2021- 21552 Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the affected system. 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2021- 21552 Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the affected system. 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product Affected Versions Updated Versions Link to Update  

Dell Wyse 5070 Thin Client

Versions WIE10 LTSC 2019 and earlier

Security Update

 Dell Wyse 5070 Thin Client

 

Dell Wyse 5470 Thin Client

Versions WIE10 LTSC 2019 and earlier

Security Update

 Dell Wyse 5470 Thin Client

 

Dell Wyse 5470 All-In-One Thin Client

Versions WIE10 LTSC 2019 and earlier

Security Update

 Dell Wyse 5470 All-In-One Thin Client

 
 
 
Product Affected Versions Updated Versions Link to Update  

Dell Wyse 5070 Thin Client

Versions WIE10 LTSC 2019 and earlier

Security Update

 Dell Wyse 5070 Thin Client

 

Dell Wyse 5470 Thin Client

Versions WIE10 LTSC 2019 and earlier

Security Update

 Dell Wyse 5470 Thin Client

 

Dell Wyse 5470 All-In-One Thin Client

Versions WIE10 LTSC 2019 and earlier

Security Update

 Dell Wyse 5470 All-In-One Thin Client

 
 
 

Revision History

RevisionDateDescription
1.02021-05-11Initial Release

Acknowledgements

Dell would like to thank Alessandro Baldini and Alessio D'Anastasio for reporting this issue.

Related Information

Affected Products

Product Security Information, Wyse 5070 Thin Client, Wyse 5470 All-In-One, Wyse 5470
Article Properties
Article Number: 000186134
Article Type: Dell Security Advisory
Last Modified: 18 Jun 2021
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.