Details of VAR-202208-0903

ID

VAR-202208-0903

CVE

CVE-2022-33930

TITLE

Dell's Dell Wyse Management Suite Vulnerability regarding information leakage due to error messages in

Trust: 0.8

sources: JVNDB: JVNDB-2022-014403

DESCRIPTION

Dell Wyse Management Suite 3.6.1 and below contains Information Disclosure in Devices error pages. An attacker could potentially exploit this vulnerability, leading to the disclosure of certain sensitive information. The attacker may be able to use the exposed information to access and further vulnerability research. The offering includes Wyse endpoint centralized management, asset tracking and automatic device discovery

Trust: 1.71

sources: NVD: CVE-2022-33930 // JVNDB: JVNDB-2022-014403 // VULHUB: VHN-426122

AFFECTED PRODUCTS

vendor:	dell	model:	wyse management suite	scope:	lt	version:	3.8.0	Trust: 1.0
vendor:	デル	model:	dell wyse management suite	scope:	eq	version:	3.8.0	Trust: 0.8
vendor:	デル	model:	dell wyse management suite	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	dell wyse management suite	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-014403 // NVD: CVE-2022-33930

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-33930
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2022-33930
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-33930
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202208-2725
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-33930
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2022-33930
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-33930
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-014403 // CNNVD: CNNVD-202208-2725 // NVD: CVE-2022-33930 // NVD: CVE-2022-33930

PROBLEMTYPE DATA

problemtype:	CWE-209	Trust: 1.1
problemtype:	Information leakage due to error message (CWE-209) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-426122 // JVNDB: JVNDB-2022-014403 // NVD: CVE-2022-33930

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-2725

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202208-2725

PATCH

title:

Dell Wyse Management Suite Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204254

Trust: 0.6

sources: CNNVD: CNNVD-202208-2725

EXTERNAL IDS

db:	NVD	id:	CVE-2022-33930	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-014403	Trust: 0.8
db:	CNNVD	id:	CNNVD-202208-2725	Trust: 0.6
db:	CNVD	id:	CNVD-2022-56662	Trust: 0.1
db:	VULHUB	id:	VHN-426122	Trust: 0.1

sources: VULHUB: VHN-426122 // JVNDB: JVNDB-2022-014403 // CNNVD: CNNVD-202208-2725 // NVD: CVE-2022-33930

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000201383/dsa-2022-134-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-33930	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-33930/	Trust: 0.6

sources: VULHUB: VHN-426122 // JVNDB: JVNDB-2022-014403 // CNNVD: CNNVD-202208-2725 // NVD: CVE-2022-33930

SOURCES

db:	VULHUB	id:	VHN-426122
db:	JVNDB	id:	JVNDB-2022-014403
db:	CNNVD	id:	CNNVD-202208-2725
db:	NVD	id:	CVE-2022-33930

LAST UPDATE DATE

2024-08-14T14:24:37.770000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-426122	date:	2022-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-014403	date:	2023-09-19T08:08:00
db:	CNNVD	id:	CNNVD-202208-2725	date:	2022-08-15T00:00:00
db:	NVD	id:	CVE-2022-33930	date:	2022-08-13T00:13:29.523

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-426122	date:	2022-08-10T00:00:00
db:	JVNDB	id:	JVNDB-2022-014403	date:	2023-09-19T00:00:00
db:	CNNVD	id:	CNNVD-202208-2725	date:	2022-08-10T00:00:00
db:	NVD	id:	CVE-2022-33930	date:	2022-08-10T17:15:09.103