DSA-2020-281: Dell Wyse ThinOS 8.6 Security Update for Insecure Default Configuration Vulnerabilities.
Summary: Dell Wyse ThinOS 8.6 MR8 contains remediations for insecure default configuration vulnerabilities that could be potentially exploited to access a writable file that can be used to manipulate the configuration of a specific thin client and potentially gain access to sensitive information leading to the compromise of thin clients. ...
Impact
Critical
Details
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2020-29491 | Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the sensitive information on the local network, leading to the potential compromise of impacted thin clients. | 10.0 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| CVE-2020-29492 | Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to access the writable file and manipulate the configuration of any target specific station. | 10.0 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Affected Products and Remediation
The following is a list of impacted products and remediations. Customers should use the latest releases available, which ship with secure default configurations.
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
| Dell Wyse 3040 Thin Client (ENG) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 3040 Thin Client (ENG) |
| Dell Wyse 3040 Thin Client (JPN) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 3040 Thin Client (JPN) |
| Dell Wyse 3040 Thin Client with PCoIP (ENG) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 3040 Thin Client with PCoIP (ENG) |
| Dell Wyse 3040 Thin Client with PCoIP (JPN) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 3040 Thin Client with PCoIP (JPN) |
| Dell Wyse 5010 Thin Client (ENG) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 5010 Thin Client (ENG) |
| Dell Wyse 5010 Thin Client (JPN) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 5010 Thin Client (JPN) |
| Dell Wyse 5010 Thin Client with PCoIP (ENG) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 5010 Thin Client with PCoIP (ENG) |
| Dell Wyse 5010 Thin Client with PCoIP (JPN) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 5010 Thin Client with PCoIP (JPN) |
| Dell Wyse 5040 Thin Client (ENG) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 5040 Thin Client (ENG) |
| Dell Wyse 5040 Thin Client (JPN) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 5040 Thin Client (JPN) |
| Dell Wyse 5040 Thin Client with PCoIP (ENG) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 5040 Thin Client with PCoIP (ENG) |
| Dell Wyse 5040 Thin Client with PCoIP (JPN) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 5040 Thin Client with PCoIP (JPN) |
| Dell Wyse 5060 Thin Client (ENG) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 5060 Thin Client (ENG) |
| Dell Wyse 5060 Thin Client (JPN) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 5060 Thin Client (JPN) |
| Dell Wyse 5060 Thin Client with PCoIP (ENG) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 5060 Thin Client with PCoIP (ENG) |
| Dell Wyse 5060 Thin Client with PCoIP (JPN) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 5060 Thin Client with PCoIP (JPN) |
| Dell Wyse 5070 Thin Client (ENG) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 5070 Thin Client (ENG) |
| Dell Wyse 5070 Thin Client (JPN) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 5070 Thin Client (JPN) |
| Dell Wyse 5070 Thin Client with PCoIP (ENG) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 5070 Thin Client with PCoIP (ENG) |
| Dell Wyse 5070 Thin Client with PCoIP (JPN) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 5070 Thin Client with PCoIP (JPN) |
| Dell Wyse 5470 AIO Thin Client (ENG) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 5470 AIO Thin Client (ENG) |
| Dell Wyse 5470 AIO Thin Client (JPN) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 5470 AIO Thin Client (JPN) |
| Dell Wyse 5470 AIO Thin Client with PCoIP (ENG) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 5470 AIO Thin Client with PCoIP (ENG) |
| Dell Wyse 5470 AIO Thin Client with PCoIP (JPN) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 5470 AIO Thin Client with PCoIP (JPN) |
| Dell Wyse 5470 Thin Client (ENG) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 5470 Thin Client (ENG) |
| Dell Wyse 5470 Thin Client (JPN) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 5470 Thin Client (JPN) |
| Dell Wyse 5470 Thin Client with PCoIP (ENG) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 5470 Thin Client with PCoIP (ENG) |
| Dell Wyse 5470 Thin Client with PCoIP (JPN) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 5470 Thin Client with PCoIP (JPN) |
| Dell Wyse 7010 Thin Client (ENG) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 7010 Thin Client (ENG) |
| Dell Wyse 7010 Thin Client (JPN) | Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol | 8.6 MR8 | Dell Wyse 7010 Thin Client (JPN) |
Workarounds and Mitigations
The following best practices address this issue. Dell recommends that customers implement one of the following:
- Secure the file server environment when using Dell Wyse ThinOS 8.6 clients. Impacted ThinOS 8.6 customers can secure their environment by moving their file servers to a secure protocol (HTTPS instead of HTTP or FTP) and by ensuring the file servers allow read-only access. The two measures map to the two CVEs: HTTPS stops the configuration from being read or altered in transit on the local network (CVE-2020-29491), while read-only access stops a client's configuration file from being rewritten on the server (CVE-2020-29492), so both are needed.
- Deploy Dell Wyse Management Suite. Impacted ThinOS 8.6 customers can use Wyse Management Suite instead of a file server for imaging and device configuration. Wyse Management Suite communications enforce HTTPS, and all configurations are stored in a secure server database instead of editable configuration files.
- Deploy Dell Wyse Management Suite with ThinOS 9. In addition to deploying Wyse Management Suite, customers with eligible Wyse clients can update their operating system to ThinOS 9 free of charge. ThinOS 9 clients do not support file server configuration, so these vulnerabilities do not apply to Wyse clients running ThinOS 9.
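The first mitigation is a property of the file server, not of the thin client, so it is worth verifying from the network side. The following is an added example, not Dell's code or a Dell tool: a small audit that probes a ThinOS 8.6 file server for the two insecure defaults the advisory describes (configuration fetched over plaintext HTTP or FTP, and a configuration tree the server lets anyone write to). It checks slightly more than the advisory text spells out, covering anonymous FTP uploads as well as HTTP write methods. The configuration directory `/wnos/`, the probe file name `.dsa-2020-281-probe`, and the host name in the usage line are assumptions chosen for illustration; the write probes create and then delete a zero-byte file and are opt-in.

```python
"""Added example (not Dell code): audit a ThinOS 8.6 file server for the two
insecure defaults behind CVE-2020-29491 / CVE-2020-29492.

Assumptions: the ThinOS configuration is served from /wnos/ on the file server
(illustrative path), and write probes may create and delete a zero-byte file
named .dsa-2020-281-probe in that directory (opt-in via --probe-write / --ftp).
"""
import ftplib
import http.client
import io
import sys
import urllib.parse

CONFIG_DIR = "/wnos/"             # assumed configuration directory on the file server
PROBE_NAME = ".dsa-2020-281-probe"  # assumed scratch file name for write probes
WRITE_METHODS = {"PUT", "DELETE", "MKCOL", "MOVE", "COPY", "PROPPATCH", "PATCH", "POST"}


def parse_allow_header(value):
    """Turn an HTTP Allow header ('GET, HEAD, put') into an upper-cased set of methods."""
    return {m.strip().upper() for m in (value or "").split(",") if m.strip()}


def assess(scheme, http_methods=frozenset(), ftp_anonymous_writable=None):
    """Map probe results onto the advisory's two insecure defaults.

    scheme: 'http', 'https' or 'ftp' (transport the clients fetch configuration over)
    http_methods: methods the HTTP server accepts on the configuration directory
    ftp_anonymous_writable: result of probe_ftp(), or None if FTP was not probed
    Returns a list of (cve, finding) tuples; empty means the server matches the
    mitigation (encrypted transport, read-only configuration tree).
    """
    findings = []
    if scheme in ("http", "ftp"):
        findings.append(("CVE-2020-29491",
                         "configuration is fetched over plaintext %s; anyone on the local "
                         "network path can read it or alter it in transit" % scheme.upper()))
    writable = set(http_methods) & WRITE_METHODS
    if writable:
        findings.append(("CVE-2020-29492",
                         "HTTP server accepts write methods on the configuration tree: "
                         + ", ".join(sorted(writable))))
    if ftp_anonymous_writable:
        findings.append(("CVE-2020-29492",
                         "anonymous FTP login can upload into the configuration tree"))
    return findings


def probe_http(host, port, tls=False, probe_write=False, timeout=5):
    """Return the methods the server allows on CONFIG_DIR.

    OPTIONS/Allow is advisory only, so with probe_write=True a real zero-byte
    PUT confirms writability and the probe file is removed again with DELETE.
    """
    conn_cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
    conn = conn_cls(host, port, timeout=timeout)
    try:
        conn.request("OPTIONS", CONFIG_DIR)
        resp = conn.getresponse()
        resp.read()
        methods = parse_allow_header(resp.getheader("Allow"))
        if probe_write:
            conn.request("PUT", CONFIG_DIR + PROBE_NAME, body=b"",
                         headers={"Content-Length": "0"})
            resp = conn.getresponse()
            resp.read()
            if 200 <= resp.status < 300:
                methods.add("PUT")
                conn.request("DELETE", CONFIG_DIR + PROBE_NAME)
                conn.getresponse().read()
        return methods
    finally:
        conn.close()


def probe_ftp(host, port=21, timeout=5):
    """True if an anonymous FTP login can store (and delete) a file in CONFIG_DIR."""
    ftp = ftplib.FTP()
    try:
        ftp.connect(host, port, timeout=timeout)
        ftp.login()  # anonymous login with no credentials
        ftp.cwd(CONFIG_DIR)
        ftp.storbinary("STOR " + PROBE_NAME, io.BytesIO(b""))
        ftp.delete(PROBE_NAME)
        return True
    except ftplib.all_errors:
        return False
    finally:
        ftp.close()


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: audit.py http[s]://fileserver.example.internal[:port] [--probe-write] [--ftp]")
    u = urllib.parse.urlsplit(sys.argv[1])
    tls = u.scheme == "https"
    methods = probe_http(u.hostname, u.port or (443 if tls else 80), tls,
                         probe_write="--probe-write" in sys.argv)
    ftp_writable = probe_ftp(u.hostname) if "--ftp" in sys.argv else None
    for cve, text in assess(u.scheme, methods, ftp_writable) or [("-", "no insecure defaults found")]:
        print("%s: %s" % (cve, text))
```

Run it against the URL the clients are actually configured to fetch from, since a server that answers on both 80 and 443 is still insecure if the clients use port 80. A clean result means the server side of the first mitigation is in place; it says nothing about whether clients have been updated to 8.6 MR8.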
Revision History
| Revision | Date | Description |
| 1.0 | 2020-12-21 | Initial Release |
Acknowledgements
Dell would like to thank Prof. Gil David and Elad Luz of CyberMDX for reporting these vulnerabilities.
Affected Products
Dell ThinOS
Document Properties
Document ID: 000180768
Document Type: Dell Security Advisory
Last Modified: 17 Feb 2021