Remote Command Vulnerability in Wyse Device Manager by Wyse Technology
CVE-2009-0695

Currently unrated

Key Information:

Vendor: Dell
Status: Wyse Device Manager
Vendor: CVE Published:; 19 June 2012

Summary

The hagent.exe component in Wyse Device Manager version 4.7.x lacks authentication requirements for executing commands. This security flaw permits remote attackers to gain unauthorized management access by sending specially crafted queries. As demonstrated by a specific V52 query, attackers can execute critical commands, such as initiating a power-off action, thereby compromising device control and operational integrity. This makes devices vulnerable to various attacks, including unauthorized shutdowns and potential data loss.

References

http://www.wyse.com/serviceandsupport/Wyse%20Security%20B...

x_refsource_MISC

http://www.kb.cert.org/vuls/id/654545

third-party-advisoryx_refsource_CERT-VN

http://archives.neohapsis.com/archives/fulldisclosure/200...

mailing-listx_refsource_FULLDISC

EPSS Score

70% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 19, 2012