CVE-2023-32446

Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000215864/dsa-2023-247	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dell:wyse_thinos:9.4.1141:*:*:*:*:*:*:*

OR	cpe:2.3:h:dell:latitude_3420:-:::::::*
	cpe:2.3:h:dell:latitude_3440:-:::::::*
	cpe:2.3:h:dell:latitude_5440:-:::::::*
	cpe:2.3:h:dell:optiplex_3000_thin_client:-:::::::*
	cpe:2.3:h:dell:optiplex_5400:-:::::::*
	cpe:2.3:h:dell:wyse_3040_thin_client:-:::::::*
	cpe:2.3:h:dell:wyse_5070_thin_client:-:::::::*
	cpe:2.3:h:dell:wyse_5470_all-in-one_thin_client:-:::::::*
	cpe:2.3:h:dell:wyse_5470_mobile_thin_client:-:::::::*

History

No history.

Information

Published : 2023-07-20 13:15

Updated : 2023-07-28 16:48

NVD link : CVE-2023-32446

Mitre link : CVE-2023-32446

CVE.ORG link : CVE-2023-32446

JSON object : View

Products Affected

dell

latitude_3440
wyse_5070_thin_client
optiplex_3000_thin_client
latitude_5440
wyse_3040_thin_client
wyse_5470_all-in-one_thin_client
wyse_5470_mobile_thin_client
latitude_3420
wyse_thinos
optiplex_5400

CWE

CWE-532

Insertion of Sensitive Information into Log File

CWE-312

Cleartext Storage of Sensitive Information

{"id": "CVE-2023-32446", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2023-07-20T13:15:10.917", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000215864/dsa-2023-247", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}, {"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "\nDell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.\n\n"}], "lastModified": "2023-07-28T16:48:21.807", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:wyse_thinos:9.4.1141:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2948904-C750-4A0A-B8F8-74D481D5D9DE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:latitude_3420:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7FB6E60F-F100-42BF-BC38-A38620EF8D2C"}, {"criteria": "cpe:2.3:h:dell:latitude_3440:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "31C78A9B-65B4-4213-9A96-4E57CFA5B195"}, {"criteria": "cpe:2.3:h:dell:latitude_5440:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "84EC8EA3-A91D-4D3B-B1A5-D650A526CAAE"}, {"criteria": "cpe:2.3:h:dell:optiplex_3000_thin_client:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1C4B0B6B-7740-46D0-9FE0-3AFF8D9B4DDA"}, {"criteria": "cpe:2.3:h:dell:optiplex_5400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F53D91BF-DA1C-4BFB-9E17-AB5266DB255F"}, {"criteria": "cpe:2.3:h:dell:wyse_3040_thin_client:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EE7CF2EF-93B1-4026-B923-3E08324245BD"}, {"criteria": "cpe:2.3:h:dell:wyse_5070_thin_client:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C1664E2E-057D-4A8F-B8FC-73EC25D48DBC"}, {"criteria": "cpe:2.3:h:dell:wyse_5470_all-in-one_thin_client:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3929B7A4-D181-4258-8722-57A751DB4CCC"}, {"criteria": "cpe:2.3:h:dell:wyse_5470_mobile_thin_client:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1D9B6263-FF2F-428D-971B-48029951E62B"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security_alert@emc.com"}