Access Control Flaw in Wyse Management Suite by Dell
CVE-2022-46754

8.7HIGH

Key Information:

Vendor: Dell
Status: Wyse Management Suite
Vendor: CVE Published:; 11 February 2023

Summary

An improper access control vulnerability exists in Wyse Management Suite 3.8 and earlier, which allows authenticated malicious admin users to access pro license features without the required permissions. This access could enable these users to configure external entities controlled by users, posing significant security risks. Organizations using affected versions should implement necessary updates and security measures to mitigate potential exploitation.

Affected Version(s)

Wyse Management Suite 0 <= 3.8

References

https://www.dell.com/support/kbdoc/en-us/000206134/dsa-20...

vendor-advisory

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 11, 2023
Vulnerability Reserved
Dec 7, 2022