CVE-2023-32455Cleartext Storage of Sensitive Info in Dell Wyse Thinos

CWE-312Cleartext Storage of Sensitive InfoCWE-532Log File Information Exposure2 documents2 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 92.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell Wyse ThinosDell Wyse Proprietary OS
Timeline
PublishedJul 20

Description

Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDdell/wyse_thinos9.3.2102
CVEListV5dell/wyse_proprietary_os2208 (9.3.2102) and below

🔴Vulnerability Details

1
GHSA
GHSA-64qm-6fcc-v9x3: Dell Wyse ThinOS versions prior to 2208 (92023-07-20