DSA-2024-463: Dell ThinOS Security Update for Multiple Third-Party Vulnerabilities

Summary: Dell ThinOS remediation is available for multiple third-party vulnerabilities that could be exploited by malicious users to compromise the affected system.

Impact

Critical

Details

| Third-party Component | CVEs | More Information |
|---|---|---|
| Cisco Jabber | CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-35252, CVE-2022-42916, CVE-2022-42915, CVE-2022-32221, CVE-2022-43551, CVE-2022-43552, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38545, CVE-2023-38546, CVE-2023-46218, CVE-2024-7264, CVE-2023-46219, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3817, CVE-2023-4807, CVE-2023-5678, CVE-2024-0727, CVE-2021-38593, CVE-2021-45930, CVE-2022-25255, CVE-2022-25634, CVE-2021-3481, CVE-2023-24607, CVE-2023-32573, CVE-2023-33285, CVE-2023-32762, CVE-2023-32763, CVE-2023-34410, CVE-2023-38197, CVE-2021-28025, CVE-2023-37369, CVE-2023-43114, CVE-2023-51714, CVE-2024-39936, CVE-2023-52355, CVE-2024-25062 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Cisco Webex Meetings VDI | CVE-2024-7264 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Cisco Webex App VDI | CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3817, CVE-2023-4807, CVE-2023-5678, CVE-2024-0727 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Citrix Workspace App | CVE-2020-10029, CVE-2020-6096, CVE-2020-1752, CVE-2020-29562, CVE-2019-25013, CVE-2021-3326, CVE-2021-27645, CVE-2020-27618, CVE-2021-35942, CVE-2021-38604, CVE-2022-23218, CVE-2022-23219, CVE-2023-0687, CVE-2023-4813, CVE-2023-4527, CVE-2001-0034, CVE-2017-11103, CVE-2017-6594, CVE-2017-17439, CVE-2019-12098, CVE-2018-16860, CVE-2022-41916, CVE-2022-44640, CVE-2022-42898, CVE-2021-44758, CVE-2022-3116, CVE-2014-6272, CVE-2013-0340, CVE-2021-29338, CVE-2022-1122, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-7104, CVE-2022-37434 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |

| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-53290 | Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Command execution. | 8.4 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2024-53289 | Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Release Date | Link |
|---|---|---|---|---|---|---|
| CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-35252, CVE-2022-42916, CVE-2022-42915, CVE-2022-32221, CVE-2022-43551, CVE-2022-43552, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38545, CVE-2023-38546, CVE-2023-46218, CVE-2024-7264, CVE-2023-46219, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3817, CVE-2023-4807, CVE-2023-5678, CVE-2024-0727, CVE-2021-38593, CVE-2021-45930, CVE-2022-25255, CVE-2022-25634, CVE-2021-3481, CVE-2023-24607, CVE-2023-32573, CVE-2023-33285, CVE-2023-32762, CVE-2023-32763, CVE-2023-34410, CVE-2023-38197, CVE-2021-28025, CVE-2023-37369, CVE-2023-43114, CVE-2023-51714, CVE-2024-39936, CVE-2023-52355, CVE-2024-25062 | ThinOS 2411 | Cisco Jabber | Add-on Cisco_Jabber_14.3.1.308744.9 on ThinOS 2408 | Add-on Cisco_Jabber_15.0.0.309289.6 on ThinOS 2411 | 11/28/2024 | ThinOS 2411 (9.5.4070) Cisco Jabber package v15.0.0.309289.6 (Driver Details) |
| CVE-2024-7264 | ThinOS 2411 | Cisco Webex Meetings VDI | Add-on Cisco_Webex_Meetings_VDI_44.6.2.3.4 on ThinOS 2408 | Add-on Cisco_Webex_Meetings_VDI_44.10.1.3.4 on ThinOS 2411 | 11/28/2024 | ThinOS 2411 (9.5.4070) Cisco Webex Meetings VDI package v44.10.1.3.4 (Driver Details) |
| CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3817, CVE-2023-4807, CVE-2023-5678, CVE-2024-0727 | ThinOS 2411 | Cisco Webex App VDI | Add-on Cisco_Webex_App_VDI_44.6.0.30048.2 on ThinOS 2408 | Add-on Cisco_Webex_App_VDI_44.10.0.30906.5 on ThinOS 2411 | 11/28/2024 | ThinOS 2411 (9.5.4070) Cisco Webex App VDI package v44.10.0.30906.5 (Driver Details) |
| CVE-2020-10029, CVE-2020-6096, CVE-2020-1752, CVE-2020-29562, CVE-2019-25013, CVE-2021-3326, CVE-2021-27645, CVE-2020-27618, CVE-2021-35942, CVE-2021-38604, CVE-2022-23218, CVE-2022-23219, CVE-2023-0687, CVE-2023-4813, CVE-2023-4527, CVE-2001-0034, CVE-2017-11103, CVE-2017-6594, CVE-2017-17439, CVE-2019-12098, CVE-2018-16860, CVE-2022-41916, CVE-2022-44640, CVE-2022-42898, CVE-2021-44758, CVE-2022-3116, CVE-2014-6272, CVE-2013-0340, CVE-2021-29338, CVE-2022-1122, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-7104, CVE-2022-37434 | ThinOS 2411 | Citrix Workspace App | Add-on Citrix_Workspace_App_24.2.0.65.17 on ThinOS 2408 | Add-on Citrix_Workspace_App_24.8.0.98.67 on ThinOS 2411 | 11/28/2024 | ThinOS 2411 (9.5.4070) Citrix package v24.8.0.98.67 (Driver Details) |
| CVE-2024-53290, CVE-2024-53289 | ThinOS 2411 | Operating System | ThinOS 2408 | ThinOS 2411 | 11/28/2024 | ThinOS 9.1.3129 or later to ThinOS 2411 (9.5.4070) Upgrade Image file (Driver Details) |

Workarounds & Mitigations

None

Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-12-02 | Initial Release |
| 2.0 | 2024-12-03 | Updated for enhanced presentation with no change in content. |
| 3.0 | 2024-12-04 | Updated Third-party component table section for Cisco Jabber: Updated CVEs: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-32206, CVE-2022-32207. Updated Affected Products and Remediation table: Updated CVEs: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-32206, CVE-2022-32207 |
| 4.0 | 2024-12-10 | Added Proprietary Code component table section and Updated Affected Products and Remediation table: Added CVEs: CVE-2024-53290, CVE-2024-53289 |

Related Information

Affected Products

Wyse ThinOS
Article Properties
Article Number: 000248475
Article Type: Dell Security Advisory
Last Modified: 10 Dec 2024