CVE-2020-29492 — Incorrect Default Permissions in Dell Wyse Proprietary OS

CWE-276 — Incorrect Default Permissions2 documents2 sources

Severity

10.0CRITICALNVD

EPSS

0.9%

top 24.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Wyse Proprietary OS Dell Wyse Thinos

Timeline

PublishedJan 4

Latest updateMay 24

Description

Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to access the writable file and manipulate the configuration of any target specific station.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.8

Affected Packages2 packages

▶NVDdell/wyse_thinos8.6

▶CVEListV5dell/wyse_proprietary_osunspecified — 8.6

🔴Vulnerability Details

GHSA

GHSA-pwh6-hxc9-8cf2: Dell Wyse ThinOS 8↗2022-05-24

▶