Sensitive Information Disclosure in Dell Wyse ThinOS
CVE-2023-32446

5.5MEDIUM

Key Information:

Vendor: Dell
Status: Wyse Proprietary Os (modern Thinos)
Vendor: CVE Published:; 20 July 2023

What is CVE-2023-32446?

Dell Wyse ThinOS prior to version 2303 (9.4.1141) is affected by a vulnerability that allows an unauthenticated user with local access to access sensitive information through log files. This could enable attackers to obtain confidential data, thereby compromising the security and privacy of the system. For more information, refer to Dell's advisory.

Affected Version(s)

Wyse Proprietary OS (Modern ThinOS) 2303 (9.4.1141)

References

https://www.dell.com/support/kbdoc/en-us/000215864/dsa-20...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 20, 2023
Vulnerability Reserved
May 9, 2023