CVE-2021-21532: Improper Input Validation in Dell Wyse Proprietary OS

Severity
6.3 MEDIUM (NVD)
OSV: 5.5
EPSS
0.1% (top 83.97%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 2
Latest update: Feb 13

Description

Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management server, thus allowing the attacker to change the device configuration or certificate file.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 2.8 | Impact: 3.4

Affected Packages (3 packages)

NVD | dell/wyse_thinos | < 8.6 | +1
CVEListV5 | dell/wyse_proprietary_os | unspecified | ThinOS 8.6 MR9
Ubuntu | fig2dev_project/fig2dev | < 1:3.2.6a-6ubuntu1.1 | +1

🔴 Vulnerability Details (2)

OSV: fig2dev vulnerabilities (2023-02-13)
GHSA: GHSA-3gp6-mhp9-qvmh: Dell Wyse ThinOS 8 (2022-05-24)