Details of VAR-202208-0820

ID

VAR-202208-0820

CVE

CVE-2022-29090

TITLE

Dell's Dell Wyse Management Suite Vulnerability in plaintext storage of important information in

Trust: 0.8

sources: JVNDB: JVNDB-2022-014427

DESCRIPTION

Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data Exposure vulnerability. A low privileged malicious user could potentially exploit this vulnerability in order to obtain credentials. The attacker may be able to use the exposed credentials to access the target device and perform unauthorized actions. The offering includes Wyse endpoint centralized management, asset tracking and automatic device discovery

Trust: 1.71

sources: NVD: CVE-2022-29090 // JVNDB: JVNDB-2022-014427 // VULHUB: VHN-420624

AFFECTED PRODUCTS

vendor:	dell	model:	wyse management suite	scope:	lt	version:	3.8.0	Trust: 1.0
vendor:	デル	model:	dell wyse management suite	scope:	eq	version:	3.8.0	Trust: 0.8
vendor:	デル	model:	dell wyse management suite	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	dell wyse management suite	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-014427 // NVD: CVE-2022-29090

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-29090
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2022-29090
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-29090
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202208-2735
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-29090
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2022-29090
baseSeverity:	HIGH
baseScore:	8.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	4.7
version:	3.1
Trust: 1.0
NVD:	CVE-2022-29090
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-014427 // CNNVD: CNNVD-202208-2735 // NVD: CVE-2022-29090 // NVD: CVE-2022-29090

PROBLEMTYPE DATA

problemtype:	CWE-312	Trust: 1.1
problemtype:	CWE-317	Trust: 1.0
problemtype:	Plaintext storage of important information (CWE-312) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-420624 // JVNDB: JVNDB-2022-014427 // NVD: CVE-2022-29090

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-2735

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202208-2735

PATCH

title:

Dell Wyse Management Suite Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204263

Trust: 0.6

sources: CNNVD: CNNVD-202208-2735

EXTERNAL IDS

db:	NVD	id:	CVE-2022-29090	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-014427	Trust: 0.8
db:	CNNVD	id:	CNNVD-202208-2735	Trust: 0.6
db:	CNVD	id:	CNVD-2022-56655	Trust: 0.1
db:	VULHUB	id:	VHN-420624	Trust: 0.1

sources: VULHUB: VHN-420624 // JVNDB: JVNDB-2022-014427 // CNNVD: CNNVD-202208-2735 // NVD: CVE-2022-29090

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000201383/dsa-2022-134-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29090	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-29090/	Trust: 0.6

sources: VULHUB: VHN-420624 // JVNDB: JVNDB-2022-014427 // CNNVD: CNNVD-202208-2735 // NVD: CVE-2022-29090

SOURCES

db:	VULHUB	id:	VHN-420624
db:	JVNDB	id:	JVNDB-2022-014427
db:	CNNVD	id:	CNNVD-202208-2735
db:	NVD	id:	CVE-2022-29090

LAST UPDATE DATE

2024-08-14T15:32:34.715000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-420624	date:	2022-08-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-014427	date:	2023-09-19T08:08:00
db:	CNNVD	id:	CNNVD-202208-2735	date:	2022-08-15T00:00:00
db:	NVD	id:	CVE-2022-29090	date:	2022-08-12T21:42:50.803

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-420624	date:	2022-08-10T00:00:00
db:	JVNDB	id:	JVNDB-2022-014427	date:	2023-09-19T00:00:00
db:	CNNVD	id:	CNNVD-202208-2735	date:	2022-08-10T00:00:00
db:	NVD	id:	CVE-2022-29090	date:	2022-08-10T17:15:08.697