CVE-2021-21532
Published 2021-04-02
Priority P4 · 29 · medium · 6.3 (CVSS 3.1)
AV:A / AC:L / PR:N / UI:N / S:U / C:L / I:L / A:L
EPSS: 0.22% (12.0th percentile)
Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management server, thus allowing the attacker to change the device configuration or certificate file.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | wyse_proprietary_os | >= unspecified < ThinOS 8.6 MR9 | ThinOS 8.6 MR9 |
| dell | wyse_thinos | < 8.6 | 8.6 |
| dell | wyse_thinos | — | — |
| fig2dev_project | fig2dev | >= 0 < 1:3.2.6a-6ubuntu1.1 | 1:3.2.6a-6ubuntu1.1 |
| fig2dev_project | fig2dev | >= 0 < 1:3.2.7a-7ubuntu0.1 | 1:3.2.7a-7ubuntu0.1 |
CVSS provenance
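| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.3 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| nvd | v2.0 | 5.8 | MEDIUM | AV:A/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 5.5 | MEDIUM | — |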
OSV
fig2dev vulnerabilities
osv·2023-02-13·CVSS 5.5
CVE-2019-14275 fig2dev vulnerabilities
Frederic Cambus discovered that Fig2dev incorrectly handled certain image
files. If a user or an automated system were tricked into opening a certain
specially crafted input file, a remote attacker could possibly use this issue
to cause a denial of service. This issue only affected Ubuntu 18.04 LTS.
(CVE-2019-14275)
It was discovered that Fig2dev incorrectly handled certain image files. If
a user or an automated system were tricked into opening a certain specially
crafted input file, a remote attacker could possibly use this issue to cause
a denial of service. (CVE-2019-19555, CVE-2019-19797, CVE-2020-21529,
CVE-2020-21530, CVE-2020-21531, CVE-2020-21532, CVE-2020-21533,
CVE-2020-21534, CVE-2020-21535, CVE-2020-21675, CVE-2020-21676,
CVE-2021-3561)
It was discove
GHSA
GHSA-3gp6-mhp9-qvmh: Dell Wyse ThinOS 8
ghsa_unreviewed·2022-05-24
CVE-2021-21532 [MEDIUM] CWE-20 GHSA-3gp6-mhp9-qvmh: Dell Wyse ThinOS 8
Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management server, thus allowing the attacker to change the device configuration or certificate file.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://www.dell.com/support/kbdoc/en-us/000184665/dsa-2021-069-dell-wyse-thinos-8-6-security-update-for-an-improper-management-server-validation-vulnerability
Published: 2021-04-02