DSA-2024-229: Security Update for Dell ThinOS Vulnerabilities

Samenvatting: Dell ThinOS remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.

Dit artikel is van toepassing op Dit artikel is niet van toepassing op Dit artikel is niet gebonden aan een specifiek product. Niet alle productversies worden in dit artikel vermeld.
Bekijk andere hulpbronnen

Impact

Critical

Gegevens

Third-party Component CVEs More Information
Liquidware CVE-2016-0718, CVE-2012-6702, CVE-2016-5300, CVE-2016-4472, CVE-2017-9233, CVE-2018-20843, CVE-2019-15903, CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852, CVE-2022-23990, CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315, CVE-2022-40674, CVE-2022-43680, CVE-2020-1968, CVE-2020-1971, CVE-2021-23839, CVE-2021-23840, CVE-2021-23841, CVE-2021-3712, CVE-2021-4160, CVE-2022-0778, CVE-2022-1292, CVE-2022-2068,  CVE-2024-0727, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3817, CVE-2023-5678 See NVD link below for individual scores for each CVE
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Cisco Jabber CVE-2023-46218 See NVD link below for individual scores for each CVE
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Cisco Webex Meetings VDI CVE-2022-45142, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3817, CVE-2023-4807, CVE-2023-5678, CVE-2024-0727, CVE-2022-41409, CVE-2021-38593, CVE-2021-45930, CVE-2022-25255, CVE-2022-25634, CVE-2023-24607, CVE-2023-32573, CVE-2023-33285, CVE-2023-32762, CVE-2023-32763, CVE-2023-34410, CVE-2023-38197, CVE-2023-37369, CVE-2023-43114, CVE-2023-51714, CVE-2017-10989, CVE-2018-8740, CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, CVE-2019-8457, CVE-2019-16168, CVE-2019-19645, CVE-2019-19646, CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358, CVE-2022-35737, CVE-2023-7104, CVE-2022-37434, CVE-2023-45853 See NVD link below for individual scores for each CVE
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Cisco Webex App VDI CVE-2022-45142, CVE-2017-10989, CVE-2018-8740, CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, CVE-2019-8457, CVE-2019-16168, CVE-2019-19645, CVE-2019-19646, CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358,  CVE-2022-35737 See NVD link below for individual scores for each CVE
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
VMWare Horizon Client CVE-2023-46218, CVE-2023-46219, CVE-2023-46218, CVE-2023-46219, CVE-2023-3316, CVE-2023-40745, CVE-2023-41175, CVE-2023-52355, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-2650, CVE-2023-2975, CVE-2023-3817, CVE-2023-4807, CVE-2023-5363, CVE-2023-5678, CVE-2023-6129, CVE-2024-0727 See NVD link below for individual scores for each CVE
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Zoom Universal CVE-2023-2975, CVE-2023-3817, CVE-2023-4807, CVE-2023-5363 See NVD link below for individual scores for each CVE
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Amazon WorkSpaces CVE-2023-52425, CVE-2023-52426, CVE-2023-52355, CVE-2021-30123, CVE-2021-33815, CVE-2021-38114, CVE-2021-38171, CVE-2022-1475, CVE-2022-3964, CVE-2022-3109, CVE-2022-3341, CVE-2022-48434, CVE-2023-46407, CVE-2023-47470, CVE-2024-22860, CVE-2024-22862, CVE-2024-22861, CVE-2023-45853 See NVD link below for individual scores for each CVE
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-30472 Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability leading to information disclosure.   7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-42423 Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering. 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-30472 Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability leading to information disclosure.   7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-42423 Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering. 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies raadt aan dat alle klanten rekening houden met zowel de basisscore van CVSS als alle relevante tijdelijke en omgevingsscores die gevolgen kunnen hebben voor de mogelijke ernst van de specifieke beveiligingsproblemen.

Getroffen producten en herstel

CVE ID Product Software/Firmware Affected Versions Remediated Versions Release Date Link
CVE-2024-30472 ThinOS Telemetry Dashboard Telemetry Dashboard v1.0.0.8 on Thin OS 2402 Telemetry Dashboard v1.1.0.6 on Thin OS 2405 05/30/2024 ThinOS 2405 (9.5.2109) Telemetry Dashboard v1.1.0.6 | Driver Details
CVE-2016-0718, CVE-2012-6702, CVE-2016-5300, CVE-2016-4472, CVE-2017-9233, CVE-2018-20843, CVE-2019-15903, CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852, CVE-2022-23990, CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315, CVE-2022-40674, CVE-2022-43680, CVE-2020-1968, CVE-2020-1971, CVE-2021-23839, CVE-2021-23840, CVE-2021-23841, CVE-2021-3712, CVE-2021-4160, CVE-2022-0778, CVE-2022-1292, CVE-2022-2068, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3817, CVE-2023-5678, CVE-2024-0727 ThinOS Liquidware
 
 		 Liquidware_Stratusphere_UX_Connector_ID_Agent_6.6.2.5.10 on Thin OS 2402 Liquidware_Stratusphere_UX_Connector_ID_Agent_6.7.0.2.2 on Thin OS 2405 05/30/2024 ThinOS 2405 (9.5.2109) Liquidware Stratusphere UX Connector ID Agent v6.7.0.2.2 | Driver Details
 
CVE-2023-46218
 
 		 ThinOS  Cisco Jabber
 
 		 Cisco_Jabber_14.3.0.308378.8 on Thin OS 2402 Cisco_Jabber_14.3.0.308378.11 on Thin OS 2405 05/30/2024 ThinOS 2405 (9.5.2109) Cisco Jabber package v14.3.0.308378.11 | Driver Details
CVE-2022-45142, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3817, CVE-2023-4807, CVE-2023-5678, CVE-2024-0727, CVE-2022-41409, CVE-2021-38593, CVE-2021-45930, CVE-2022-25255, CVE-2022-25634, CVE-2023-24607, CVE-2023-32573, CVE-2023-33285, CVE-2023-32762, CVE-2023-32763, CVE-2023-34410, CVE-2023-38197, CVE-2023-37369, CVE-2023-43114, CVE-2023-51714, CVE-2017-10989, CVE-2018-8740, CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, CVE-2019-8457, CVE-2019-16168, CVE-2019-19645, CVE-2019-19646, CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358, CVE-2022-35737, CVE-2023-7104, CVE-2022-37434, CVE-2023-45853 ThinOS  Cisco Webex Meetings VDI
 		 Cisco_Webex_Meetings_VDI_43.10.2.11.3 on Thin OS 2402
 		  Cisco_Webex_Meetings_VDI_44.2.0.76.2 on Thin OS 2405
 		 05/30/2024 ThinOS 2405 (9.5.2109) Cisco Webex Meetings VDI package v44.2.0.76.2 | Driver Details
CVE-2022-45142, CVE-2017-10989, CVE-2018-8740, CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, CVE-2019-8457, CVE-2019-16168, CVE-2019-19645, CVE-2019-19646, CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358,  CVE-2022-35737 ThinOS  Cisco Webex App VDI  Cisco_Webex_App_VDI_43.10.0.27605.4 on Thin OS 2402 Cisco_Webex_App_VDI_44.2.0.28744.1 on Thin OS 2405 05/30/2024 ThinOS 2405 (9.5.2109) Cisco Webex VDI package v44.2.0.28744.1 | Driver Details
CVE-2023-46218, CVE-2023-46219, CVE-2023-46218, CVE-2023-46219, CVE-2023-3316, CVE-2023-40745, CVE-2023-41175, CVE-2023-52355, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-2650, CVE-2023-2975, CVE-2023-3817, CVE-2023-4807, CVE-2023-5363, CVE-2023-5678, CVE-2023-6129, CVE-2024-0727 ThinOS VMWare Horizon Client  VMware_Horizon_2309.8.11.0.22660930.37 on Thin OS 2402  VMware_Horizon_2312.1.8.12.1.5 on Thin OS 2405 05/30/2024 ThinOS 2405 (9.5.2109) VMware Horizon package v2312.1.8.12.1.5 | Driver Details
CVE-2023-2975, CVE-2023-3817, CVE-2023-4807, CVE-2023-5363 ThinOS Zoom Universal  Zoom_Universal_5.16.10.24420.6 on Thin OS 2402  Zoom_Universal_5.17.10.24730.2 on Thin OS 2405 05/30/2024 ThinOS 2405 (9.5.2109) Zoom Universal package v5.17.10.24730.2 | Driver Details
CVE-2023-52425, CVE-2023-52426, CVE-2023-52355, CVE-2021-30123, CVE-2021-33815, CVE-2021-38114, CVE-2021-38171, CVE-2022-1475, CVE-2022-3964, CVE-2022-3109, CVE-2022-3341, CVE-2022-48434, CVE-2023-46407, CVE-2023-47470, CVE-2024-22860, CVE-2024-22862, CVE-2024-22861, CVE-2023-45853 ThinOS Amazon WorkSpaces Amazon_WorkSpaces_Client_24.0.4697.3 on Thin OS 2402 Amazon_WorkSpaces_Client_ 24.0.4707.6 on Thin OS 2405 05/30/2024 ThinOS 2405 (9.5.2109) Amazon WorkSpaces Client package v24.0.4707.6 | Driver Details
CVE-2024- 42423 ThinOS Citrix Workspace App Citrix_Workspace_App_23.9.0.24.4 on ThinOS 2402 Citrix_Workspace_App_24.2.0.65.17 on ThinOS 2405 05/30/2024 ThinOS 2405 (9.5.2109) Citrix package v24.2.0.65.17 | Driver Details
CVE ID Product Software/Firmware Affected Versions Remediated Versions Release Date Link
CVE-2024-30472 ThinOS Telemetry Dashboard Telemetry Dashboard v1.0.0.8 on Thin OS 2402 Telemetry Dashboard v1.1.0.6 on Thin OS 2405 05/30/2024 ThinOS 2405 (9.5.2109) Telemetry Dashboard v1.1.0.6 | Driver Details
CVE-2016-0718, CVE-2012-6702, CVE-2016-5300, CVE-2016-4472, CVE-2017-9233, CVE-2018-20843, CVE-2019-15903, CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852, CVE-2022-23990, CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315, CVE-2022-40674, CVE-2022-43680, CVE-2020-1968, CVE-2020-1971, CVE-2021-23839, CVE-2021-23840, CVE-2021-23841, CVE-2021-3712, CVE-2021-4160, CVE-2022-0778, CVE-2022-1292, CVE-2022-2068, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3817, CVE-2023-5678, CVE-2024-0727 ThinOS Liquidware
 
 		 Liquidware_Stratusphere_UX_Connector_ID_Agent_6.6.2.5.10 on Thin OS 2402 Liquidware_Stratusphere_UX_Connector_ID_Agent_6.7.0.2.2 on Thin OS 2405 05/30/2024 ThinOS 2405 (9.5.2109) Liquidware Stratusphere UX Connector ID Agent v6.7.0.2.2 | Driver Details
 
CVE-2023-46218
 
 		 ThinOS  Cisco Jabber
 
 		 Cisco_Jabber_14.3.0.308378.8 on Thin OS 2402 Cisco_Jabber_14.3.0.308378.11 on Thin OS 2405 05/30/2024 ThinOS 2405 (9.5.2109) Cisco Jabber package v14.3.0.308378.11 | Driver Details
CVE-2022-45142, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3817, CVE-2023-4807, CVE-2023-5678, CVE-2024-0727, CVE-2022-41409, CVE-2021-38593, CVE-2021-45930, CVE-2022-25255, CVE-2022-25634, CVE-2023-24607, CVE-2023-32573, CVE-2023-33285, CVE-2023-32762, CVE-2023-32763, CVE-2023-34410, CVE-2023-38197, CVE-2023-37369, CVE-2023-43114, CVE-2023-51714, CVE-2017-10989, CVE-2018-8740, CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, CVE-2019-8457, CVE-2019-16168, CVE-2019-19645, CVE-2019-19646, CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358, CVE-2022-35737, CVE-2023-7104, CVE-2022-37434, CVE-2023-45853 ThinOS  Cisco Webex Meetings VDI
 		 Cisco_Webex_Meetings_VDI_43.10.2.11.3 on Thin OS 2402
 		  Cisco_Webex_Meetings_VDI_44.2.0.76.2 on Thin OS 2405
 		 05/30/2024 ThinOS 2405 (9.5.2109) Cisco Webex Meetings VDI package v44.2.0.76.2 | Driver Details
CVE-2022-45142, CVE-2017-10989, CVE-2018-8740, CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, CVE-2019-8457, CVE-2019-16168, CVE-2019-19645, CVE-2019-19646, CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358,  CVE-2022-35737 ThinOS  Cisco Webex App VDI  Cisco_Webex_App_VDI_43.10.0.27605.4 on Thin OS 2402 Cisco_Webex_App_VDI_44.2.0.28744.1 on Thin OS 2405 05/30/2024 ThinOS 2405 (9.5.2109) Cisco Webex VDI package v44.2.0.28744.1 | Driver Details
CVE-2023-46218, CVE-2023-46219, CVE-2023-46218, CVE-2023-46219, CVE-2023-3316, CVE-2023-40745, CVE-2023-41175, CVE-2023-52355, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-2650, CVE-2023-2975, CVE-2023-3817, CVE-2023-4807, CVE-2023-5363, CVE-2023-5678, CVE-2023-6129, CVE-2024-0727 ThinOS VMWare Horizon Client  VMware_Horizon_2309.8.11.0.22660930.37 on Thin OS 2402  VMware_Horizon_2312.1.8.12.1.5 on Thin OS 2405 05/30/2024 ThinOS 2405 (9.5.2109) VMware Horizon package v2312.1.8.12.1.5 | Driver Details
CVE-2023-2975, CVE-2023-3817, CVE-2023-4807, CVE-2023-5363 ThinOS Zoom Universal  Zoom_Universal_5.16.10.24420.6 on Thin OS 2402  Zoom_Universal_5.17.10.24730.2 on Thin OS 2405 05/30/2024 ThinOS 2405 (9.5.2109) Zoom Universal package v5.17.10.24730.2 | Driver Details
CVE-2023-52425, CVE-2023-52426, CVE-2023-52355, CVE-2021-30123, CVE-2021-33815, CVE-2021-38114, CVE-2021-38171, CVE-2022-1475, CVE-2022-3964, CVE-2022-3109, CVE-2022-3341, CVE-2022-48434, CVE-2023-46407, CVE-2023-47470, CVE-2024-22860, CVE-2024-22862, CVE-2024-22861, CVE-2023-45853 ThinOS Amazon WorkSpaces Amazon_WorkSpaces_Client_24.0.4697.3 on Thin OS 2402 Amazon_WorkSpaces_Client_ 24.0.4707.6 on Thin OS 2405 05/30/2024 ThinOS 2405 (9.5.2109) Amazon WorkSpaces Client package v24.0.4707.6 | Driver Details
CVE-2024- 42423 ThinOS Citrix Workspace App Citrix_Workspace_App_23.9.0.24.4 on ThinOS 2402 Citrix_Workspace_App_24.2.0.65.17 on ThinOS 2405 05/30/2024 ThinOS 2405 (9.5.2109) Citrix package v24.2.0.65.17 | Driver Details

Tijdelijke oplossingen en risicobeperking

CVE ID Workaround and Mitigation
CVE-2024-42423 For ThinOS 2311, upgrade Citrix Workspace App
For ThinOS 2402, upgrade Citrix Workspace App

Revisiegeschiedenis

Revision DateDescription
1.02024-06-12Initial Release
2.02024-07-19Removed CVE-2023-5217 from Third-Party Component Table and the Affected Products and Remediation Table 
3.02024-08-26Updated Affected Products and Remediation section:  Added Amazon Workspaces 
4.02024-09-09Updated CVE IDENTIFIER, PROPRIETARY CODE and Affected Products and Remediation section: Added CVE-2024-42423
5.02024-10-01Updated CVE Identifier, Third Party Components, and Affected Products and Remediation section: Updated CVE list for Cisco Webex App VDI

Bevestigingen

CVE-2024-30472: Dell would like to thank matrixpdb for reporting this issue.
 

Verwante informatie

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Juridische verklaring van afstand

Getroffen producten

Dell ThinOS
Artikeleigenschappen
Artikelnummer: 000225289
Artikeltype: Dell Security Advisory
Laatst aangepast: 01 okt. 2024
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.