Details of VAR-202202-0979

ID

VAR-202202-0979

CVE

CVE-2022-23158

TITLE

Dell's Dell Wyse Device Agent Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2022-007654

DESCRIPTION

Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with standard privilege could potentially exploit this vulnerability and provide incorrect port information and get connected to valid WMS server. An attacker could exploit this vulnerability to gain access to potentially sensitive information

Trust: 1.8

sources: NVD: CVE-2022-23158 // JVNDB: JVNDB-2022-007654 // VULHUB: VHN-412054 // VULMON: CVE-2022-23158

AFFECTED PRODUCTS

vendor:	dell	model:	wyse device agent	scope:	lte	version:	14.6.1.4	Trust: 1.0
vendor:	デル	model:	dell wyse device agent	scope:	lte	version:	14.6.1.4 and earlier	Trust: 0.8
vendor:	デル	model:	dell wyse device agent	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	dell wyse device agent	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-007654 // NVD: CVE-2022-23158

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-23158
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2022-23158
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-23158
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202202-1592
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-412054
value:	LOW
Trust: 0.1
VULMON:	CVE-2022-23158
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-23158
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-412054
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-23158
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2022-23158
baseSeverity:	MEDIUM
baseScore:	6.0
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.5
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2022-23158
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-412054 // VULMON: CVE-2022-23158 // JVNDB: JVNDB-2022-007654 // CNNVD: CNNVD-202202-1592 // NVD: CVE-2022-23158 // NVD: CVE-2022-23158

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.1
problemtype:	CWE-183	Trust: 1.0
problemtype:	information leak (CWE-200) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-412054 // JVNDB: JVNDB-2022-007654 // NVD: CVE-2022-23158

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202202-1592

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202202-1592

PATCH

title:	Dell Wyse Device Agent Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182801	Trust: 0.6
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-23158 // CNNVD: CNNVD-202202-1592

EXTERNAL IDS

db:	NVD	id:	CVE-2022-23158	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-007654	Trust: 0.8
db:	CS-HELP	id:	SB2022021803	Trust: 0.6
db:	CNNVD	id:	CNNVD-202202-1592	Trust: 0.6
db:	CNVD	id:	CNVD-2022-42741	Trust: 0.1
db:	VULHUB	id:	VHN-412054	Trust: 0.1
db:	VULMON	id:	CVE-2022-23158	Trust: 0.1

sources: VULHUB: VHN-412054 // VULMON: CVE-2022-23158 // JVNDB: JVNDB-2022-007654 // CNNVD: CNNVD-202202-1592 // NVD: CVE-2022-23158

REFERENCES

url:	https://www.dell.com/support/kbdoc/000196005	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23158	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2022-23158/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022021803	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-412054 // VULMON: CVE-2022-23158 // JVNDB: JVNDB-2022-007654 // CNNVD: CNNVD-202202-1592 // NVD: CVE-2022-23158

SOURCES

db:	VULHUB	id:	VHN-412054
db:	VULMON	id:	CVE-2022-23158
db:	JVNDB	id:	JVNDB-2022-007654
db:	CNNVD	id:	CNNVD-202202-1592
db:	NVD	id:	CVE-2022-23158

LAST UPDATE DATE

2024-11-23T22:57:48.146000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-412054	date:	2022-04-08T00:00:00
db:	VULMON	id:	CVE-2022-23158	date:	2022-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2022-007654	date:	2023-07-19T08:27:00
db:	CNNVD	id:	CNNVD-202202-1592	date:	2022-04-11T00:00:00
db:	NVD	id:	CVE-2022-23158	date:	2024-11-21T06:48:06.107

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-412054	date:	2022-04-01T00:00:00
db:	VULMON	id:	CVE-2022-23158	date:	2022-04-01T00:00:00
db:	JVNDB	id:	JVNDB-2022-007654	date:	2023-07-19T00:00:00
db:	CNNVD	id:	CNNVD-202202-1592	date:	2022-02-18T00:00:00
db:	NVD	id:	CVE-2022-23158	date:	2022-04-01T20:15:08.057