CVE-2022-29090

Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data Exposure vulnerability. A low privileged malicious user could potentially exploit this vulnerability in order to obtain credentials. The attacker may be able to use the exposed credentials to access the target device and perform unauthorized actions.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000201383/dsa-2022-134-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-08-10 17:15

Updated : 2022-08-12 21:42

NVD link : CVE-2022-29090

Mitre link : CVE-2022-29090

CVE.ORG link : CVE-2022-29090

JSON object : View

Products Affected

dell

wyse_management_suite

CWE

CWE-312

Cleartext Storage of Sensitive Information

CWE-317

Cleartext Storage of Sensitive Information in GUI

{"id": "CVE-2022-29090", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 3.1}]}, "published": "2022-08-10T17:15:08.697", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000201383/dsa-2022-134-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-312"}]}, {"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-317"}]}], "descriptions": [{"lang": "en", "value": "Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data Exposure vulnerability. A low privileged malicious user could potentially exploit this vulnerability in order to obtain credentials. The attacker may be able to use the exposed credentials to access the target device and perform unauthorized actions."}, {"lang": "es", "value": "Dell Wyse Management Suite versiones 3.6.1 y anteriores, contiene una vulnerabilidad de Exposici\u00f3n de Datos Confidenciales. Un usuario malicioso poco privilegiado podr\u00eda explotar esta vulnerabilidad para obtener credenciales. El atacante podr\u00eda usar las credenciales expuestas para acceder al dispositivo de destino y llevar a cabo acciones no autorizadas"}], "lastModified": "2022-08-12T21:42:50.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A7348AD-CC08-4060-9709-DF24E4AFB092", "versionEndExcluding": "3.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}