CVE-2009-0695

Currently unrated

Key Information:

Vendor: Dell
Status: Wyse Device Manager
Vendor: CVE Published:; 19 June 2012

Summary

hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action.

References

http://www.wyse.com/serviceandsupport/Wyse%20Security%20B...

x_refsource_MISC

http://www.kb.cert.org/vuls/id/654545

third-party-advisoryx_refsource_CERT-VN

http://archives.neohapsis.com/archives/fulldisclosure/200...

mailing-listx_refsource_FULLDISC

EPSS Score

83% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 19, 2012