DSA-2024-440: Security Update for Dell Wyse Management Suite (WMS) for Multiple Vulnerabilities

Resumen: Dell Wyse Management Suite (WMS) remediation is available for multiple vulnerabilities that may be exploited by malicious users to compromise the affected system.

Este artículo se aplica a Este artículo no se aplica a Este artículo no está vinculado a ningún producto específico. No se identifican todas las versiones del producto en este artículo.

Impacto

High

Detalles

Third-party Component

CVEs

 More Information

MongoDB

CVE-2024-7553

See NVD link below for individual scores for each CVE. http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code

CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2024-49595

Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by Capture-replay vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

7.6

 

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

 

CVE-2024-49597

Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.

7.6

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2024-49596

Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion

5.9

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code

CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2024-49595

Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by Capture-replay vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

7.6

 

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

 

CVE-2024-49597

Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.

7.6

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:LThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2024-49596

Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion

5.9

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

Dell Technologies recomienda que todos los clientes tengan en cuenta tanto la puntuación base como cualquier otra puntuación ambiental y temporal relevante que pueda afectar la posible gravedad asociada con la vulnerabilidad de seguridad en particular.

Corrección y productos afectados

CVEs addressed

Product

Affected Versions

Remediated Versions

Release Date

Link

CVE-2024-7553, CVE-2024-49595, CVE-2024-49597, CVE-2024-49596

Dell Wyse Management Suite

Versions 4.4 and prior

 

Versions          

4.4.1 or later

11/25/2024

Dell Wyse Management Suite

CVE-2024-49596

Dell Wyse Management Suite Repository

Versions 4.4 and prior

 

Versions          

4.4.1 or later

11/25/2024

Dell Wyse Management Suite Repository

CVEs addressed

Product

Affected Versions

Remediated Versions

Release Date

Link

CVE-2024-7553, CVE-2024-49595, CVE-2024-49597, CVE-2024-49596

Dell Wyse Management Suite

Versions 4.4 and prior

 

Versions          

4.4.1 or later

11/25/2024

Dell Wyse Management Suite

CVE-2024-49596

Dell Wyse Management Suite Repository

Versions 4.4 and prior

 

Versions          

4.4.1 or later

11/25/2024

Dell Wyse Management Suite Repository

Soluciones alternativas y mitigaciones

None

Historial de revisiones

Revision

Date

Description

1.0

2024-11-25

Initial Release

2.0 

2024-11-26

Updated for enhancements to presentation with no change in content.  

Reconocimientos

CVE-2024-49596: Dell Technologies would like to thank Ahmed Y. Elmogy for reporting this issue.

CVE-2024-49595: Dell Technologies would like to thank Harm Blankers, Jasper Westerman, Yanick de Pater of REQON B.V. for reporting this issue.

Información relacionada

Productos afectados

Wyse Management Suite
Propiedades del artículo
Número del artículo: 000244453
Tipo de artículo: Dell Security Advisory
Última modificación: 26 nov 2024
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.