CVE-2022-33925

Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. An remote authenticated attacker could potentially exploit this vulnerability by bypassing access controls in order to download reports containing sensitive information.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000201383/dsa-2022-134-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*

History

12 Aug 2022, 21:45

Type	Values Removed	Values Added
CPE		cpe:2.3:a:dell:wyse_management_suite::::::::
First Time		Dell wyse Management Suite Dell
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
References	~~(CONFIRM) https://www.dell.com/support/kbdoc/en-us/000201383/dsa-2022-134-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities -~~	(CONFIRM) https://www.dell.com/support/kbdoc/en-us/000201383/dsa-2022-134-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities - Vendor Advisory
CWE		NVD-CWE-Other

10 Aug 2022, 17:53

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-08-10 17:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-33925

Mitre link : CVE-2022-33925

CVE.ORG link : CVE-2022-33925

JSON object : View

Products Affected

dell

wyse_management_suite

CWE

NVD-CWE-Other CWE-284

Improper Access Control

{"id": "CVE-2022-33925", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-08-10T17:15:08.817", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000201383/dsa-2022-134-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. An remote authenticated attacker could potentially exploit this vulnerability by bypassing access controls in order to download reports containing sensitive information."}, {"lang": "es", "value": "Dell Wyse Management Suite versiones 3.6.1 y anteriores, contiene una vulnerabilidad de Control de Acceso Inapropiado en la Interfaz de Usuario. Un atacante remoto autenticado podr\u00eda explotar esta vulnerabilidad al omitir los controles de acceso para descargar informes que contengan informaci\u00f3n confidencial"}], "lastModified": "2022-08-12T21:45:17.157", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A7348AD-CC08-4060-9709-DF24E4AFB092", "versionEndExcluding": "3.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}