Vulnerability Details CVE-2021-21532
Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management server, thus allowing the attacker to change the device configuration or certificate file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 12.0%
CVSS Severity
CVSS v3 Score 5.0
CVSS v2 Score 5.8
References
- https://www.dell.com/support/kbdoc/en-us/000184665/dsa-2021-069-dell-wyse-thinos-8-6-security-update-for-an-improper-management-server-validation-vulnerabilitydsa-2021-069-dell-wyse-thinos-8-6-security-update-for-an-improper-management-server-validation-
- https://www.dell.com/support/kbdoc/en-us/000184665/dsa-2021-069-dell-wyse-thinos-8-6-security-update-for-an-improper-management-server-validation-vulnerabilitydsa-2021-069-dell-wyse-thinos-8-6-security-update-for-an-improper-management-server-validation-
Products affected by CVE-2021-21532
-
cpe:2.3:o:dell:wyse_thinos:*
-
cpe:2.3:o:dell:wyse_thinos:8.6