Saturday, October 12, 2024
HomeCVE/vulnerabilityCritical Dell Wyse Bugs Let Attackers to Execute Code and Access Files...

Critical Dell Wyse Bugs Let Attackers to Execute Code and Access Files and Credentials

Published on

Malware protection

The giant Dell Wyse is affected by two Critical Vulnerabilities CVE-2020-29491 and CVE-2020-29492 which targets thin client devices.

The CyberMDX Research team has discovered these vulnerabilities on Dell Wyse thin clients, wherein when the vulnerability is exploited, the attackers can run malicious codes remotely and access arbitrary files on the affected devices.

What is a thin client?

A thin client is a small form-factor computer optimized for performing a remote desktop connection to a distant (and usually) more resourceful hardware. The software used by the thin client is minimal and directed towards making a seamless remote connection experience.

- Advertisement - SIEM as a Service

Vulnerabilities

These CVE-2020-29491 and CVE-2020-29492 are the default configuration vulnerabilities that can access a writable file and can manipulate the configuration of a specific thin client and potentially gain access to sensitive information on it compromising the thin clients completely. The impact is marked as ‘Critical’ by DELL.

Affected Products

All the Dell Wyse Thin Clients running on ThinOS versions 8.6 are affected

ProductAffected Version(s)Updated Version(s)
Dell Wyse 3040 Thin Client (ENG)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 3040 Thin Client (JPN)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 3040 Thin Client with PCoIP (ENG)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 3040 Thin Client with PCoIP (JPN)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 5010 Thin Client (ENG)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 5010 Thin Client (JPN)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 5010 Thin Client with PCoIP (ENG)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 5010 Thin Client with PCoIP (JPN)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 5040 Thin Client (ENG)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 5040 Thin Client (JPN)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 5040 Thin Client with PCoIP (ENG)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 5040 Thin Client with PCoIP (JPN)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 5060 Thin Client (ENG)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 5060 Thin Client (JPN)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 5060 Thin Client with PCoIP (ENG)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 5060 Thin Client with PCoIP (JPN)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 5070 Thin Client (ENG)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 5070 Thin Client (JPN)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 5070 Thin Client with PCoIP (ENG)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 5070 Thin Client with PCoIP (JPN)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 5470 AIO Thin Client (ENG)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 5470 AIO Thin Client (JPN)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 5470 AIO Thin Client with PCoIP (ENG)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 5470 AIO Thin Client with PCoIP (JPN)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 5470 Thin Client (ENG)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 5470 Thin Client (JPN)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 5470 Thin Client with PCoIP (ENG)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 5470 Thin Client with PCoIP (JPN)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 7010 Thin Client (ENG)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8
Dell Wyse 7010 thin client (JPN)Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol8.6 MR8

Impacts and mitigation

Dell Wyse thin client is widely used that around 6000 companies and organizations are making use of it in America alone. So it is likely to see that majority of Customers are under pressure to be cautious with the vulnerability.

Dell recommends customers to implement one of the following:

  • Secure the file server environment when using Dell Wyse ThinOS 8.6 clients – Impacted ThinOS 8.6 customers can secure their environment by updating their file servers to use a secure protocol (HTTPS instead of HTTP or FTP) and by ensuring file servers are set to read-only access. 
  • Deploy Dell Wyse Management Suite – Impacted ThinOS 8.6 customers can use Wyse Management Suite instead of a file server for imaging and device configuration. Wyse Management Suite communications enforce HTTPS protocol and all configurations are stored in a secure server database instead of editable configuration files.
  • Deploy Dell Wyse Management Suite with ThinOS 9 – In addition to deploying Wyse Management Suite, customers with eligible Wyse clients can update their operating system to ThinOS 9 free of charge. ThinOS 9 clients do not support file server configuration, and thus this exploit does not apply to Wyse clients running ThinOS 9.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Also Read

Dell SupportAssist Bug Exposes Business & Home PCs Let Hackers Attack Hundreds of Million Dell Computers

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication...

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication...

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Foxit PDF Reader Vulnerability Let Attackers Execute Arbitary Code

Researchers recently disclosed six new security vulnerabilities across various software, as one critical vulnerability...