Critical Dell Wyse Bugs Let Attackers to Execute Code and Access Files and Credentials

The giant Dell Wyse is affected by two Critical Vulnerabilities CVE-2020-29491 and CVE-2020-29492 which targets thin client devices.

The CyberMDX Research team has discovered these vulnerabilities on Dell Wyse thin clients, wherein when the vulnerability is exploited, the attackers can run malicious codes remotely and access arbitrary files on the affected devices.

What is a thin client?

A thin client is a small form-factor computer optimized for performing a remote desktop connection to a distant (and usually) more resourceful hardware. The software used by the thin client is minimal and directed towards making a seamless remote connection experience.

Vulnerabilities

These CVE-2020-29491 and CVE-2020-29492 are the default configuration vulnerabilities that can access a writable file and can manipulate the configuration of a specific thin client and potentially gain access to sensitive information on it compromising the thin clients completely. The impact is marked as ‘Critical’ by DELL.

Affected Products

All the Dell Wyse Thin Clients running on ThinOS versions 8.6 are affected

Product	Affected Version(s)	Updated Version(s)
Dell Wyse 3040 Thin Client (ENG)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 3040 Thin Client (JPN)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 3040 Thin Client with PCoIP (ENG)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 3040 Thin Client with PCoIP (JPN)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 5010 Thin Client (ENG)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 5010 Thin Client (JPN)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 5010 Thin Client with PCoIP (ENG)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 5010 Thin Client with PCoIP (JPN)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 5040 Thin Client (ENG)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 5040 Thin Client (JPN)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 5040 Thin Client with PCoIP (ENG)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 5040 Thin Client with PCoIP (JPN)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 5060 Thin Client (ENG)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 5060 Thin Client (JPN)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 5060 Thin Client with PCoIP (ENG)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 5060 Thin Client with PCoIP (JPN)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 5070 Thin Client (ENG)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 5070 Thin Client (JPN)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 5070 Thin Client with PCoIP (ENG)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 5070 Thin Client with PCoIP (JPN)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 5470 AIO Thin Client (ENG)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 5470 AIO Thin Client (JPN)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 5470 AIO Thin Client with PCoIP (ENG)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 5470 AIO Thin Client with PCoIP (JPN)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 5470 Thin Client (ENG)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 5470 Thin Client (JPN)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 5470 Thin Client with PCoIP (ENG)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 5470 Thin Client with PCoIP (JPN)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 7010 Thin Client (ENG)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8
Dell Wyse 7010 thin client (JPN)	Versions prior to 8.6 MR8 where the Client is receiving configurations from a remote file server over an insecure protocol	8.6 MR8

Impacts and mitigation

Dell Wyse thin client is widely used that around 6000 companies and organizations are making use of it in America alone. So it is likely to see that majority of Customers are under pressure to be cautious with the vulnerability.

Dell recommends customers to implement one of the following:

• Secure the file server environment when using Dell Wyse ThinOS 8.6 clients – Impacted ThinOS 8.6 customers can secure their environment by updating their file servers to use a secure protocol (HTTPS instead of HTTP or FTP) and by ensuring file servers are set to read-only access.

• Deploy Dell Wyse Management Suite – Impacted ThinOS 8.6 customers can use Wyse Management Suite instead of a file server for imaging and device configuration. Wyse Management Suite communications enforce HTTPS protocol and all configurations are stored in a secure server database instead of editable configuration files.

• Deploy Dell Wyse Management Suite with ThinOS 9 – In addition to deploying Wyse Management Suite, customers with eligible Wyse clients can update their operating system to ThinOS 9 free of charge. ThinOS 9 clients do not support file server configuration, and thus this exploit does not apply to Wyse clients running ThinOS 9.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.

Also Read

Dell SupportAssist Bug Exposes Business & Home PCs Let Hackers Attack Hundreds of Million Dell Computers