CVE-2023-32446

Published: Jul 20, 2023Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.

Affected (1)

Products: Dell: Wyse Thinos

Dell

1 product

Wyse Thinos

Configuration A

1 vulnerable · 9 platform

Vulnerable Software	Affected Versions
Dell Wyse Thinos	Version 9.4.1141

Running on/with	Platform Versions
Dell Latitude 3420	All versions
Dell Latitude 3440	All versions
Dell Latitude 5440	All versions
Dell Optiplex 3000 Thin Client	All versions
Dell Optiplex 5400	All versions
Dell Wyse 3040 Thin Client	All versions
Dell Wyse 5070 Thin Client	All versions
Dell Wyse 5470 All In One Thin Client	All versions
Dell Wyse 5470 Mobile Thin Client	All versions

Related CWEs

CWE-312

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

CWE-532

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (2)

https://www.dell.com/support/kbdoc/en-us/000215864/dsa-2023-247

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/kbdoc/en-us/000215864/dsa-2023-247

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.