Sensitive Information Disclosure Vulnerability in Dell Wyse ThinOS
CVE-2021-21598

3.9LOW

Key Information:

Vendor: Dell
Status: Wyse Thinos
Vendor: CVE Published:; 10 August 2021

What is CVE-2021-21598?

Dell Wyse ThinOS versions 9.0, 9.1, and 9.1 MR1 are susceptible to a vulnerability that allows an authenticated user with physical access to the device to read sensitive Smartcard data stored in log files. This can potentially lead to the unauthorized disclosure of sensitive information contained within user interactions. It is essential for organizations using these versions of ThinOS to implement protective measures and review their access policies.

Affected Version(s)

Wyse ThinOS 9.0, 9.1, 9.1 MR1

References

https://www.dell.com/support/kbdoc/000189543

x_refsource_MISC

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 10, 2021
Vulnerability Reserved
Jan 4, 2021