DSA-2024-229: Security Update for Dell ThinOS Vulnerabilities

Summary: Dell ThinOS remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.


Impact

Critical

Details

Third-party Component: Liquidware
CVEs: CVE-2016-0718, CVE-2012-6702, CVE-2016-5300, CVE-2016-4472, CVE-2017-9233, CVE-2018-20843, CVE-2019-15903, CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852, CVE-2022-23990, CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315, CVE-2022-40674, CVE-2022-43680, CVE-2020-1968, CVE-2020-1971, CVE-2021-23839, CVE-2021-23840, CVE-2021-23841, CVE-2021-3712, CVE-2021-4160, CVE-2022-0778, CVE-2022-1292, CVE-2022-2068, CVE-2024-0727, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3817, CVE-2023-5678
More Information: See NVD link below for individual scores for each CVE
http://nvd.nist.gov/

Third-party Component: Cisco Jabber
CVEs: CVE-2023-46218
More Information: See NVD link below for individual scores for each CVE
http://nvd.nist.gov/

Third-party Component: Cisco Webex Meetings VDI
CVEs: CVE-2022-45142, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3817, CVE-2023-4807, CVE-2023-5678, CVE-2024-0727, CVE-2022-41409, CVE-2021-38593, CVE-2021-45930, CVE-2022-25255, CVE-2022-25634, CVE-2023-24607, CVE-2023-32573, CVE-2023-33285, CVE-2023-32762, CVE-2023-32763, CVE-2023-34410, CVE-2023-38197, CVE-2023-37369, CVE-2023-43114, CVE-2023-51714, CVE-2017-10989, CVE-2018-8740, CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, CVE-2019-8457, CVE-2019-16168, CVE-2019-19645, CVE-2019-19646, CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358, CVE-2022-35737, CVE-2023-7104, CVE-2022-37434, CVE-2023-45853
More Information: See NVD link below for individual scores for each CVE
http://nvd.nist.gov/

Third-party Component: Cisco Webex App VDI
CVEs: CVE-2022-45142, CVE-2017-10989, CVE-2018-8740, CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, CVE-2019-8457, CVE-2019-16168, CVE-2019-19645, CVE-2019-19646, CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358, CVE-2022-35737
More Information: See NVD link below for individual scores for each CVE
http://nvd.nist.gov/

Third-party Component: VMWare Horizon Client
CVEs: CVE-2023-46218, CVE-2023-46219, CVE-2023-46218, CVE-2023-46219, CVE-2023-3316, CVE-2023-40745, CVE-2023-41175, CVE-2023-52355, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-2650, CVE-2023-2975, CVE-2023-3817, CVE-2023-4807, CVE-2023-5363, CVE-2023-5678, CVE-2023-6129, CVE-2024-0727
More Information: See NVD link below for individual scores for each CVE
http://nvd.nist.gov/

Third-party Component: Zoom Universal
CVEs: CVE-2023-2975, CVE-2023-3817, CVE-2023-4807, CVE-2023-5363
More Information: See NVD link below for individual scores for each CVE
http://nvd.nist.gov/

Third-party Component: Amazon WorkSpaces
CVEs: CVE-2023-52425, CVE-2023-52426, CVE-2023-52355, CVE-2021-30123, CVE-2021-33815, CVE-2021-38114, CVE-2021-38171, CVE-2022-1475, CVE-2022-3964, CVE-2022-3109, CVE-2022-3341, CVE-2022-48434, CVE-2023-46407, CVE-2023-47470, CVE-2024-22860, CVE-2024-22862, CVE-2024-22861, CVE-2023-45853
More Information: See NVD link below for individual scores for each CVE
http://nvd.nist.gov/

Proprietary Code CVE: CVE-2024-30472
Description: Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability leading to information disclosure.
CVSS Base Score: 7.5
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Proprietary Code CVE: CVE-2024-42423
Description: Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering.
CVSS Base Score: 6.1
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVE ID: CVE-2024-30472
Product: ThinOS
Software/Firmware: Telemetry Dashboard
Affected Versions: Telemetry Dashboard v1.0.0.8 on Thin OS 2402
Remediated Versions: Telemetry Dashboard v1.1.0.6 on Thin OS 2405
Release Date: 05/30/2024
Link: ThinOS 2405 (9.5.2109) Telemetry Dashboard v1.1.0.6 | Driver Details

CVE ID: CVE-2016-0718, CVE-2012-6702, CVE-2016-5300, CVE-2016-4472, CVE-2017-9233, CVE-2018-20843, CVE-2019-15903, CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852, CVE-2022-23990, CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315, CVE-2022-40674, CVE-2022-43680, CVE-2020-1968, CVE-2020-1971, CVE-2021-23839, CVE-2021-23840, CVE-2021-23841, CVE-2021-3712, CVE-2021-4160, CVE-2022-0778, CVE-2022-1292, CVE-2022-2068, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3817, CVE-2023-5678, CVE-2024-0727
Product: ThinOS
Software/Firmware: Liquidware
Affected Versions: Liquidware_Stratusphere_UX_Connector_ID_Agent_6.6.2.5.10 on Thin OS 2402
Remediated Versions: Liquidware_Stratusphere_UX_Connector_ID_Agent_6.7.0.2.2 on Thin OS 2405
Release Date: 05/30/2024
Link: ThinOS 2405 (9.5.2109) Liquidware Stratusphere UX Connector ID Agent v6.7.0.2.2 | Driver Details

CVE ID: CVE-2023-46218
Product: ThinOS
Software/Firmware: Cisco Jabber
Affected Versions: Cisco_Jabber_14.3.0.308378.8 on Thin OS 2402
Remediated Versions: Cisco_Jabber_14.3.0.308378.11 on Thin OS 2405
Release Date: 05/30/2024
Link: ThinOS 2405 (9.5.2109) Cisco Jabber package v14.3.0.308378.11 | Driver Details

CVE ID: CVE-2022-45142, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3817, CVE-2023-4807, CVE-2023-5678, CVE-2024-0727, CVE-2022-41409, CVE-2021-38593, CVE-2021-45930, CVE-2022-25255, CVE-2022-25634, CVE-2023-24607, CVE-2023-32573, CVE-2023-33285, CVE-2023-32762, CVE-2023-32763, CVE-2023-34410, CVE-2023-38197, CVE-2023-37369, CVE-2023-43114, CVE-2023-51714, CVE-2017-10989, CVE-2018-8740, CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, CVE-2019-8457, CVE-2019-16168, CVE-2019-19645, CVE-2019-19646, CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358, CVE-2022-35737, CVE-2023-7104, CVE-2022-37434, CVE-2023-45853
Product: ThinOS
Software/Firmware: Cisco Webex Meetings VDI
Affected Versions: Cisco_Webex_Meetings_VDI_43.10.2.11.3 on Thin OS 2402
Remediated Versions: Cisco_Webex_Meetings_VDI_44.2.0.76.2 on Thin OS 2405
Release Date: 05/30/2024
Link: ThinOS 2405 (9.5.2109) Cisco Webex Meetings VDI package v44.2.0.76.2 | Driver Details

CVE ID: CVE-2022-45142, CVE-2017-10989, CVE-2018-8740, CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, CVE-2019-8457, CVE-2019-16168, CVE-2019-19645, CVE-2019-19646, CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358, CVE-2022-35737
Product: ThinOS
Software/Firmware: Cisco Webex App VDI
Affected Versions: Cisco_Webex_App_VDI_43.10.0.27605.4 on Thin OS 2402
Remediated Versions: Cisco_Webex_App_VDI_44.2.0.28744.1 on Thin OS 2405
Release Date: 05/30/2024
Link: ThinOS 2405 (9.5.2109) Cisco Webex VDI package v44.2.0.28744.1 | Driver Details

CVE ID: CVE-2023-46218, CVE-2023-46219, CVE-2023-46218, CVE-2023-46219, CVE-2023-3316, CVE-2023-40745, CVE-2023-41175, CVE-2023-52355, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-2650, CVE-2023-2975, CVE-2023-3817, CVE-2023-4807, CVE-2023-5363, CVE-2023-5678, CVE-2023-6129, CVE-2024-0727
Product: ThinOS
Software/Firmware: VMWare Horizon Client
Affected Versions: VMware_Horizon_2309.8.11.0.22660930.37 on Thin OS 2402
Remediated Versions: VMware_Horizon_2312.1.8.12.1.5 on Thin OS 2405
Release Date: 05/30/2024
Link: ThinOS 2405 (9.5.2109) VMware Horizon package v2312.1.8.12.1.5 | Driver Details

CVE ID: CVE-2023-2975, CVE-2023-3817, CVE-2023-4807, CVE-2023-5363
Product: ThinOS
Software/Firmware: Zoom Universal
Affected Versions: Zoom_Universal_5.16.10.24420.6 on Thin OS 2402
Remediated Versions: Zoom_Universal_5.17.10.24730.2 on Thin OS 2405
Release Date: 05/30/2024
Link: ThinOS 2405 (9.5.2109) Zoom Universal package v5.17.10.24730.2 | Driver Details

CVE ID: CVE-2023-52425, CVE-2023-52426, CVE-2023-52355, CVE-2021-30123, CVE-2021-33815, CVE-2021-38114, CVE-2021-38171, CVE-2022-1475, CVE-2022-3964, CVE-2022-3109, CVE-2022-3341, CVE-2022-48434, CVE-2023-46407, CVE-2023-47470, CVE-2024-22860, CVE-2024-22862, CVE-2024-22861, CVE-2023-45853
Product: ThinOS
Software/Firmware: Amazon WorkSpaces
Affected Versions: Amazon_WorkSpaces_Client_24.0.4697.3 on Thin OS 2402
Remediated Versions: Amazon_WorkSpaces_Client_24.0.4707.6 on Thin OS 2405
Release Date: 05/30/2024
Link: ThinOS 2405 (9.5.2109) Amazon WorkSpaces Client package v24.0.4707.6 | Driver Details

CVE ID: CVE-2024-42423
Product: ThinOS
Software/Firmware: Citrix Workspace App
Affected Versions: Citrix_Workspace_App_23.9.0.24.4 on ThinOS 2402
Remediated Versions: Citrix_Workspace_App_24.2.0.65.17 on ThinOS 2405
Release Date: 05/30/2024
Link: ThinOS 2405 (9.5.2109) Citrix package v24.2.0.65.17 | Driver Details

Workarounds & Mitigations

CVE ID: CVE-2024-42423
Workaround and Mitigation:
For ThinOS 2311, upgrade Citrix Workspace App
For ThinOS 2402, upgrade Citrix Workspace App

Revision History

Revision  Date        Description
1.0       2024-06-12  Initial Release
2.0       2024-07-19  Removed CVE-2023-5217 from Third-Party Component Table and the Affected Products and Remediation Table
3.0       2024-08-26  Updated Affected Products and Remediation section: Added Amazon Workspaces
4.0       2024-09-09  Updated CVE IDENTIFIER, PROPRIETARY CODE and Affected Products and Remediation section: Added CVE-2024-42423
5.0       2024-10-01  Updated CVE Identifier, Third Party Components, and Affected Products and Remediation section: Updated CVE list for Cisco Webex App VDI

Acknowledgements

CVE-2024-30472: Dell would like to thank matrixpdb for reporting this issue.
 

Related Information

Affected Products

Dell ThinOS

Article Properties

Article Number: 000225289
Article Type: Dell Security Advisory
Last Modified: 01 Oct 2024