DSA-2023-247: Dell ThinOS Security Update for Multiple Vulnerabilities

Summary: Dell ThinOS remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system

Ez a cikk a következő(k)re vonatkozik: Ez a cikk nem vonatkozik a következő(k)re: Ez a cikk nem kapcsolódik egyetlen konkrét termékhez sem. Ez a cikk nem azonosítja az összes termékverziót.
További források megtekintése

Impact

Medium

Details

Proprietary Code CVE(s) Description CVSS Base Score CVSS Vector String
CVE-2023-32455 Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files. 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2023-32446 Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files. 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2023-32447 Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability. A malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files. 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Proprietary Code CVE(s) Description CVSS Base Score CVSS Vector String
CVE-2023-32455 Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files. 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2023-32446 Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files. 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2023-32447 Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability. A malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files. 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Érintett termékek és helyreállítás

Product Affected Version(s) Updated Version(s) Link to Update
Wyse 3040 Thin Client
2208 (9.3.2102) and below 
(CVE-2023-32455)

2303 (9.4.1141)
(CVE-2023-32446)

2303(9.4.1141) and below
(CVE-2023-32447)
2306 (9.4.2103)
Dell Wyse ThinOS
Wyse 5070 Thin Client
Wyse 5470 Mobile Thin Client
Wyse 5470 All-in-One Thin Client
Dell OptiPlex 3000 Thin Client
Dell Latitude 3420
Dell OptiPlex 5400 All-in-One
Dell Latitude 3440
Dell Latitude 5440
Dell OptiPlex All-in-One
Product Affected Version(s) Updated Version(s) Link to Update
Wyse 3040 Thin Client
2208 (9.3.2102) and below 
(CVE-2023-32455)

2303 (9.4.1141)
(CVE-2023-32446)

2303(9.4.1141) and below
(CVE-2023-32447)
2306 (9.4.2103)
Dell Wyse ThinOS
Wyse 5070 Thin Client
Wyse 5470 Mobile Thin Client
Wyse 5470 All-in-One Thin Client
Dell OptiPlex 3000 Thin Client
Dell Latitude 3420
Dell OptiPlex 5400 All-in-One
Dell Latitude 3440
Dell Latitude 5440
Dell OptiPlex All-in-One

Revision History

RevisionDateDescription
1.02023-07-18Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Jogi nyilatkozat

Érintett termékek

OptiPlex All-In-One, Latitude 3440, Latitude 5440, OptiPlex 3000 Thin Client, OptiPlex 5400 All-In-One, Wyse 3040 Thin Client, Wyse 5070 Thin Client, Wyse 5470 All-In-One, Wyse 5470
Termék tulajdonságai
Article Number: 000215864
Article Type: Dell Security Advisory
Utoljára módosítva: 18 júl. 2023
Választ kaphat kérdéseire más Dell-felhasználóktól
Támogatási szolgáltatások
Ellenőrizze, hogy a készüléke rendelkezik-e támogatási szolgáltatással.