Dell ThinOS Command Injection Vulnerability: Unauthorized Elevation of Privileges
CVE-2024-42427

7.6HIGH

Key Information:

Vendor: Dell
Status: Wyse Proprietary Os (modern Thinos)
Vendor: CVE Published:; 10 September 2024

Summary

Dell ThinOS versions 2402 and 2405 are affected by a command injection vulnerability. This security issue arises from improper neutralization of special elements used within commands, potentially allowing an unauthenticated attacker with physical access to exploit the vulnerability. Successful exploitation may result in an elevation of privileges, granting the attacker increased access to the affected system.

Affected Version(s)

Wyse Proprietary OS (Modern ThinOS) Dell ThinOS 2402

Wyse Proprietary OS (Modern ThinOS) Dell ThinOS 2405

References

https://www.dell.com/support/kbdoc/en-us/000228350/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 10, 2024
Vulnerability Reserved
Aug 1, 2024

Credit

Dell would like to thank REQON for reporting this issue