Improper Authentication Vulnerability in Wyse Device Agent by Dell
CVE-2022-23156

6MEDIUM

Key Information:

Vendor: Dell
Status: Dell Wyse Device Agent
Vendor: CVE Published:; 1 April 2022

What is CVE-2022-23156?

The Wyse Device Agent prior to version 14.6.1.5 is susceptible to an Improper Authentication vulnerability. This flaw allows a malicious actor to exploit the system by manipulating input data, enabling unauthorized access to the WMS server. Organizations using the affected versions should take immediate action to apply necessary updates and mitigate potential risks from this vulnerability.

Affected Version(s)

Dell Wyse Device Agent < 14.6.2.13

References

https://www.dell.com/support/kbdoc/000196005

x_refsource_MISC

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2022
Vulnerability Reserved
Jan 11, 2022