CVE-2021-36337Inadequate Encryption Strength in Dell Wyse Management Suite

CWE-326Inadequate Encryption Strength3 documents3 sources
Severity
7.4HIGHNVD
CNA6.5
EPSS
0.1%
top 72.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dell Wyse Management Suite
Timeline
PublishedDec 21
Latest updateDec 22

Description

Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which are susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages2 packages

CVEListV5dell/wyse_management_suiteunspecified3.5

Patches

Patch: www.dell.comPatch: www.dell.com

🔴Vulnerability Details

2
GHSA
GHSA-w9qr-g73g-88cw: Dell Wyse Management Suite version 32021-12-22
CVEList
CVE-2021-36337: Dell Wyse Management Suite version 32021-12-21
CVE-2021-36337 — Inadequate Encryption Strength in Dell | cvebase