CVE-2024-42427 — Command Injection in Dell Wyse Proprietary OS

CWE-77 — Command Injection2 documents2 sources

Severity

7.6HIGHNVD

EPSS

1.3%

top 20.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Wyse Proprietary OS Dell Wyse Thinos

Timeline

PublishedSep 10

Description

Dell ThinOS versions 2402 and 2405, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 0.9 | Impact: 6.0

Affected Packages2 packages

▶NVDdell/wyse_thinos9.5.1079, 9.5.2109+1

▶CVEListV5dell/wyse_proprietary_osDell ThinOS 2402, Dell ThinOS 2405+1

🔴Vulnerability Details

GHSA

GHSA-pg7h-4x9w-92w3: Dell ThinOS versions 2402 and 2405, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability↗2024-09-10

▶