Details of VAR-201206-0001

ID

VAR-201206-0001

CVE

CVE-2009-0693

TITLE

Wyse Device Manager (WDM) HServer and HAgent contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#654545

DESCRIPTION

Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow remote attackers to execute arbitrary code via (1) the User-Agent HTTP header to hserver.dll or (2) unspecified input to hagent.exe. Wyse Device Manager (WDM) Server and HAgent contain several vulnerabilities. An attacker with network access to WDM components could execute arbitrary code on vulnerable systems. Failed attempts will likely cause a denial-of-service condition

Trust: 2.7

sources: NVD: CVE-2009-0693 // CERT/CC: VU#654545 // JVNDB: JVNDB-2012-002800 // BID: 82987 // VULHUB: VHN-38139

AFFECTED PRODUCTS

vendor:	dell	model:	wyse device manager	scope:	eq	version:	4.7.0	Trust: 1.6
vendor:	dell	model:	wyse device manager	scope:	eq	version:	4.7.2	Trust: 1.6
vendor:	dell	model:	wyse device manager	scope:	eq	version:	4.7.1	Trust: 1.6
vendor:	wyse	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	wise	model:	wyse device manager	scope:	eq	version:	4.7.x	Trust: 0.8

sources: CERT/CC: VU#654545 // JVNDB: JVNDB-2012-002800 // CNNVD: CNNVD-201206-353 // NVD: CVE-2009-0693

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-0693
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#654545
value:	13.51
Trust: 0.8
NVD:	CVE-2009-0693
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201206-353
value:	HIGH
Trust: 0.6
VULHUB:	VHN-38139
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2009-0693
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-38139
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#654545 // VULHUB: VHN-38139 // JVNDB: JVNDB-2012-002800 // CNNVD: CNNVD-201206-353 // NVD: CVE-2009-0693

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-38139 // JVNDB: JVNDB-2012-002800 // NVD: CVE-2009-0693

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201206-353

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201206-353

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-002800

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-38139

PATCH

title:

Wyse Device Manager

url:

http://www.wyse.co.jp/products/software/devicemanager/index.asp

Trust: 0.8

sources: JVNDB: JVNDB-2012-002800

EXTERNAL IDS

db:	CERT/CC	id:	VU#654545	Trust: 3.6
db:	NVD	id:	CVE-2009-0693	Trust: 2.8
db:	OSVDB	id:	55808	Trust: 0.8
db:	JVNDB	id:	JVNDB-2012-002800	Trust: 0.8
db:	CNNVD	id:	CNNVD-201206-353	Trust: 0.7
db:	FULLDISC	id:	20090710 'SECURE' WYSE THIN CLIENTS VULNERABLE TO REMOTE EXPLOIT BUGS	Trust: 0.6
db:	BID	id:	82987	Trust: 0.3
db:	SEEBUG	id:	SSVID-73097	Trust: 0.1
db:	EXPLOIT-DB	id:	19137	Trust: 0.1
db:	VULHUB	id:	VHN-38139	Trust: 0.1

sources: CERT/CC: VU#654545 // VULHUB: VHN-38139 // BID: 82987 // JVNDB: JVNDB-2012-002800 // CNNVD: CNNVD-201206-353 // NVD: CVE-2009-0693

REFERENCES

url:	http://www.wyse.com/serviceandsupport/wyse%20security%20bulletin%20wsb09-01.pdf	Trust: 2.8
url:	http://www.theregister.co.uk/2009/07/10/wyse_remote_exploit_bugs/	Trust: 2.8
url:	http://www.kb.cert.org/vuls/id/654545	Trust: 2.8
url:	http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0101.html	Trust: 2.5
url:	http://osvdb.org/show/osvdb/55808	Trust: 0.8
url:	http://www.wyse.com/serviceandsupport/support/wsb09-01.zip	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0693	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0693	Trust: 0.8

sources: CERT/CC: VU#654545 // VULHUB: VHN-38139 // BID: 82987 // JVNDB: JVNDB-2012-002800 // CNNVD: CNNVD-201206-353 // NVD: CVE-2009-0693

CREDITS

Unknown

Trust: 0.3

sources: BID: 82987

SOURCES

db:	CERT/CC	id:	VU#654545
db:	VULHUB	id:	VHN-38139
db:	BID	id:	82987
db:	JVNDB	id:	JVNDB-2012-002800
db:	CNNVD	id:	CNNVD-201206-353
db:	NVD	id:	CVE-2009-0693

LAST UPDATE DATE

2025-04-11T23:16:45.175000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#654545	date:	2009-10-16T00:00:00
db:	VULHUB	id:	VHN-38139	date:	2012-06-20T00:00:00
db:	BID	id:	82987	date:	2016-07-05T21:23:00
db:	JVNDB	id:	JVNDB-2012-002800	date:	2012-06-21T00:00:00
db:	CNNVD	id:	CNNVD-201206-353	date:	2012-06-20T00:00:00
db:	NVD	id:	CVE-2009-0693	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#654545	date:	2009-10-13T00:00:00
db:	VULHUB	id:	VHN-38139	date:	2012-06-19T00:00:00
db:	BID	id:	82987	date:	2012-06-19T00:00:00
db:	JVNDB	id:	JVNDB-2012-002800	date:	2012-06-21T00:00:00
db:	CNNVD	id:	CNNVD-201206-353	date:	2012-06-20T00:00:00
db:	NVD	id:	CVE-2009-0693	date:	2012-06-19T20:55:02.037