CVE-2021-21598

Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnerability. An authenticated attacker with physical access to the system could exploit this vulnerability to read sensitive Smartcard data in log files.

CVSS v3 3.9 LOW
CVSS v2.0 2.1 LOW

3.9^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.3 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.dell.com/support/kbdoc/000189543	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:dell:wyse_thinos:9.0:::::::*
	cpe:2.3:o:dell:wyse_thinos:9.1:::::::*
	cpe:2.3:o:dell:wyse_thinos:9.1:mr1::::::

OR	cpe:2.3:h:dell:wyse_3040_thin_client:-:::::::*
	cpe:2.3:h:dell:wyse_5070_thin_client:-:::::::*
	cpe:2.3:h:dell:wyse_5470_thin_client:-:::::::*

History

23 Aug 2021, 17:16

Type	Values Removed	Values Added
References	~~(CONFIRM) https://www.dell.com/support/kbdoc/000189543 -~~	(CONFIRM) https://www.dell.com/support/kbdoc/000189543 - Patch, Vendor Advisory
CPE		cpe:2.3:o:dell:wyse_thinos:9.0:::::::* cpe:2.3:h:dell:wyse_5070_thin_client:-:::::::* cpe:2.3:h:dell:wyse_5470_thin_client:-:::::::* cpe:2.3:o:dell:wyse_thinos:9.1:::::::* cpe:2.3:h:dell:wyse_3040_thin_client:-:::::::* cpe:2.3:o:dell:wyse_thinos:9.1:mr1::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 2.1 v3 : 3.9
CWE		CWE-532

10 Aug 2021, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-08-10 19:15

Updated : 2023-12-10 13:55

NVD link : CVE-2021-21598

Mitre link : CVE-2021-21598

CVE.ORG link : CVE-2021-21598

JSON object : View

Products Affected

dell

wyse_thinos
wyse_5470_thin_client
wyse_5070_thin_client
wyse_3040_thin_client

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2021-21598", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.9, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.3}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.9, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.3}]}, "published": "2021-08-10T19:15:07.380", "references": [{"url": "https://www.dell.com/support/kbdoc/000189543", "tags": ["Patch", "Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnerability. An authenticated attacker with physical access to the system could exploit this vulnerability to read sensitive Smartcard data in log files."}, {"lang": "es", "value": "Dell Wyse ThinOS, versiones 9.0, 9.1 y 9.1 MR1, contienen una Vulnerabilidad de Divulgaci\u00f3n de Informaci\u00f3n Confidencial. Un atacante autenticado con acceso f\u00edsico al sistema podr\u00eda explotar potencialmente esta vulnerabilidad para leer datos confidenciales de la tarjeta inteligente en los archivos de registro"}], "lastModified": "2021-08-23T17:16:36.047", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:wyse_thinos:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94BDC02C-C343-4DED-903E-02BC4E6A18F3"}, {"criteria": "cpe:2.3:o:dell:wyse_thinos:9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EDA9262-D364-4230-817D-45E02E786B7D"}, {"criteria": "cpe:2.3:o:dell:wyse_thinos:9.1:mr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25D1F654-8B0B-486B-9046-21471BD31536"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:wyse_3040_thin_client:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EE7CF2EF-93B1-4026-B923-3E08324245BD"}, {"criteria": "cpe:2.3:h:dell:wyse_5070_thin_client:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C1664E2E-057D-4A8F-B8FC-73EC25D48DBC"}, {"criteria": "cpe:2.3:h:dell:wyse_5470_thin_client:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A6B87629-2E3A-42E0-97AB-99C444C803D1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security_alert@emc.com"}