CVE-2023-32447Cleartext Storage of Sensitive Info in Dell Wyse Thinos

CWE-312Cleartext Storage of Sensitive InfoCWE-532Log File Information Exposure2 documents2 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 92.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell Wyse ThinosDell Wyse Proprietary OS
Timeline
PublishedJul 20

Description

Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability. A malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDdell/wyse_thinos< 9.4.2103
CVEListV5dell/wyse_proprietary_os2303(9.4.1141) and below

🔴Vulnerability Details

1
GHSA
GHSA-7jwv-qg8r-cqpf: Dell Wyse ThinOS versions prior to 2306 (92023-07-20