CVE-2024-53290 — Command Injection in Dell Wyse Proprietary OS

CWE-77 — Command Injection2 documents2 sources

Severity

8.4HIGHNVD

EPSS

0.4%

top 36.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Wyse Proprietary OS Dell Thinos

Timeline

PublishedDec 11

Description

Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Command execution

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9

Affected Packages2 packages

▶NVDdell/thinos2408

▶CVEListV5dell/wyse_proprietary_osThinOS 2408

🔴Vulnerability Details

GHSA

GHSA-rq4h-wrjf-38w8: Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability↗2024-12-11

▶