Remote Code Execution Vulnerability in Wyse Device Manager by Wyse Technology
CVE-2009-0693

Currently unrated

Key Information:

Vendor: Dell
Status: Wyse Device Manager
Vendor: CVE Published:; 19 June 2012

Summary

Multiple buffer overflow vulnerabilities present in Wyse Device Manager (WDM) version 4.7.x enable remote attackers to gain unauthorized execution of arbitrary code. Exploitation can occur through the manipulation of the User-Agent HTTP header targeting hserver.dll, as well as via unspecified inputs directed at hagent.exe. This exposure underscores critical security considerations for users relying on Wyse Device Manager for device management.

References

http://www.wyse.com/serviceandsupport/Wyse%20Security%20B...

x_refsource_MISC

http://www.kb.cert.org/vuls/id/654545

third-party-advisoryx_refsource_CERT-VN

http://archives.neohapsis.com/archives/fulldisclosure/200...

mailing-listx_refsource_FULLDISC

EPSS Score

23% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 19, 2012