CVE-2023-32446 — Cleartext Storage of Sensitive Info in Dell Wyse Proprietary OS

CWE-312 — Cleartext Storage of Sensitive Info CWE-532 — Log File Information Exposure2 documents2 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 92.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Wyse Proprietary OS Dell Wyse Thinos

Timeline

PublishedJul 20

Description

Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDdell/wyse_thinos9.4.1141

▶CVEListV5dell/wyse_proprietary_os2303 (9.4.1141)

🔴Vulnerability Details

GHSA

GHSA-hqm4-p64v-22xm: Dell Wyse ThinOS versions prior to 2303 (9↗2023-07-20

▶