CVE-2019-3712

Published: Mar 7, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability. An unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on the system with privileges of the FTP client by sending specially crafted input data to the affected system. The FTP code that contained the vulnerability has been removed.

Affected (2)

Products: Dell: Windows Embedded Standard Wyse Device Agent, Wyse Thinlinux Hagent

2 products

Windows Embedded Standard Wyse Device Agent

Wyse Thinlinux Hagent

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Dell Windows Embedded Standard Wyse Device Agent	Before 14.1.2.9
Dell Wyse Thinlinux Hagent	Before 5.4.55_00.10

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (4)

http://www.securityfocus.com/bid/107376

Source: security_alert@emc.com

Third Party Advisory

https://www.dell.com/support/article/us/en/19/sln316391

Source: security_alert@emc.com

PatchVendor Advisory

http://www.securityfocus.com/bid/107376

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.dell.com/support/article/us/en/19/sln316391

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.