CVE-2021-21552Incorrect Authorization in Dell Wyse Windows Embedded

CWE-863Incorrect Authorization2 documents2 sources
Severity
8.8HIGHNVD
EPSS
0.2%
top 62.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell Wyse Windows EmbeddedMicrosoft Windows 10
Timeline
PublishedMay 21
Latest updateMay 24

Description

Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the affected system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages2 packages

CVEListV5dell/wyse_windows_embeddedunspecifiedWIE10 LTSC 2019

Patches

Patch: www.dell.comPatch: www.dell.com

🔴Vulnerability Details

1
GHSA
GHSA-c5g9-x4gm-2c84: Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability2022-05-24
CVE-2021-21552 — Incorrect Authorization in Dell | cvebase