Sign-up

ID

VAR-202208-0824


CVE

CVE-2022-33925


TITLE

Dell's  Dell Wyse Management Suite  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-014408

DESCRIPTION

Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. An remote authenticated attacker could potentially exploit this vulnerability by bypassing access controls in order to download reports containing sensitive information. The offering includes Wyse endpoint centralized management, asset tracking and automatic device discovery

Trust: 1.71

sources: NVD: CVE-2022-33925 // JVNDB: JVNDB-2022-014408 // VULHUB: VHN-426117

AFFECTED PRODUCTS

vendor:dellmodel:wyse management suitescope:ltversion:3.8.0

Trust: 1.0

vendor:デルmodel:dell wyse management suitescope:eqversion:3.8.0

Trust: 0.8

vendor:デルmodel:dell wyse management suitescope:eqversion: -

Trust: 0.8

vendor:デルmodel:dell wyse management suitescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-014408 // NVD: CVE-2022-33925

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-33925
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2022-33925
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-33925
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202208-2730
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-33925
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2022-33925
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-014408 // CNNVD: CNNVD-202208-2730 // NVD: CVE-2022-33925 // NVD: CVE-2022-33925

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-014408 // NVD: CVE-2022-33925

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-2730

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202208-2730

PATCH

title:Dell Wyse Management Suite Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204259

Trust: 0.6

sources: CNNVD: CNNVD-202208-2730

EXTERNAL IDS

db:NVDid:CVE-2022-33925

Trust: 3.3

db:JVNDBid:JVNDB-2022-014408

Trust: 0.8

db:CNNVDid:CNNVD-202208-2730

Trust: 0.6

db:CNVDid:CNVD-2022-56657

Trust: 0.1

db:VULHUBid:VHN-426117

Trust: 0.1

sources: VULHUB: VHN-426117 // JVNDB: JVNDB-2022-014408 // CNNVD: CNNVD-202208-2730 // NVD: CVE-2022-33925

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000201383/dsa-2022-134-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-33925

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-33925/

Trust: 0.6

sources: VULHUB: VHN-426117 // JVNDB: JVNDB-2022-014408 // CNNVD: CNNVD-202208-2730 // NVD: CVE-2022-33925

SOURCES

db:VULHUBid:VHN-426117
db:JVNDBid:JVNDB-2022-014408
db:CNNVDid:CNNVD-202208-2730
db:NVDid:CVE-2022-33925

LAST UPDATE DATE

2024-08-14T13:21:46.144000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-426117date:2022-08-12T00:00:00
db:JVNDBid:JVNDB-2022-014408date:2023-09-19T08:08:00
db:CNNVDid:CNNVD-202208-2730date:2022-08-15T00:00:00
db:NVDid:CVE-2022-33925date:2022-08-12T21:45:17.157

SOURCES RELEASE DATE

db:VULHUBid:VHN-426117date:2022-08-10T00:00:00
db:JVNDBid:JVNDB-2022-014408date:2023-09-19T00:00:00
db:CNNVDid:CNNVD-202208-2730date:2022-08-10T00:00:00
db:NVDid:CVE-2022-33925date:2022-08-10T17:15:08.817