Remote Command Vulnerability in Wyse Device Manager by Wyse Technology
CVE-2009-0695

Currently unrated

Key Information:

Vendor

Dell
Status
Wyse Device Manager
Vendor
CVE Published:
19 June 2012

What is CVE-2009-0695?

The hagent.exe component in Wyse Device Manager version 4.7.x lacks authentication requirements for executing commands. This security flaw permits remote attackers to gain unauthorized management access by sending specially crafted queries. As demonstrated by a specific V52 query, attackers can execute critical commands, such as initiating a power-off action, thereby compromising device control and operational integrity. This makes devices vulnerable to various attacks, including unauthorized shutdowns and potential data loss.

References

http://www.wyse.com/serviceandsupport/Wyse%20Security%20B...
x_refsource_MISC
http://www.kb.cert.org/vuls/id/654545
third-party-advisoryx_refsource_CERT-VN
http://archives.neohapsis.com/archives/fulldisclosure/200...
mailing-listx_refsource_FULLDISC

EPSS Score

70% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.