Details of VAR-202208-1049

ID

VAR-202208-1049

CVE

CVE-2022-33928

TITLE

Dell's Dell Wyse Management Suite Vulnerability in plaintext storage of important information in

Trust: 0.8

sources: JVNDB: JVNDB-2022-014405

DESCRIPTION

Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. (DoS) It may be in a state. The offering includes Wyse endpoint centralized management, asset tracking and automatic device discovery

Trust: 1.71

sources: NVD: CVE-2022-33928 // JVNDB: JVNDB-2022-014405 // VULHUB: VHN-426120

AFFECTED PRODUCTS

vendor:	dell	model:	wyse management suite	scope:	lt	version:	3.8.0	Trust: 1.0
vendor:	デル	model:	dell wyse management suite	scope:	eq	version:	3.8.0	Trust: 0.8
vendor:	デル	model:	dell wyse management suite	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	dell wyse management suite	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-014405 // NVD: CVE-2022-33928

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-33928
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2022-33928
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-33928
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202208-2727
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-33928
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2022-33928
baseSeverity:	MEDIUM
baseScore:	6.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	CVE-2022-33928
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-014405 // CNNVD: CNNVD-202208-2727 // NVD: CVE-2022-33928 // NVD: CVE-2022-33928

PROBLEMTYPE DATA

problemtype:	CWE-312	Trust: 1.1
problemtype:	CWE-256	Trust: 1.0
problemtype:	Plaintext storage of important information (CWE-312) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-426120 // JVNDB: JVNDB-2022-014405 // NVD: CVE-2022-33928

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-2727

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202208-2727

PATCH

title:

Dell Wyse Management Suite Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204256

Trust: 0.6

sources: CNNVD: CNNVD-202208-2727

EXTERNAL IDS

db:	NVD	id:	CVE-2022-33928	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-014405	Trust: 0.8
db:	CNNVD	id:	CNNVD-202208-2727	Trust: 0.6
db:	CNVD	id:	CNVD-2022-56660	Trust: 0.1
db:	VULHUB	id:	VHN-426120	Trust: 0.1

sources: VULHUB: VHN-426120 // JVNDB: JVNDB-2022-014405 // CNNVD: CNNVD-202208-2727 // NVD: CVE-2022-33928

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000201383/dsa-2022-134-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-33928	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-33928/	Trust: 0.6

sources: VULHUB: VHN-426120 // JVNDB: JVNDB-2022-014405 // CNNVD: CNNVD-202208-2727 // NVD: CVE-2022-33928

SOURCES

db:	VULHUB	id:	VHN-426120
db:	JVNDB	id:	JVNDB-2022-014405
db:	CNNVD	id:	CNNVD-202208-2727
db:	NVD	id:	CVE-2022-33928

LAST UPDATE DATE

2024-08-14T14:55:18.348000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-426120	date:	2022-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-014405	date:	2023-09-19T08:08:00
db:	CNNVD	id:	CNNVD-202208-2727	date:	2022-08-15T00:00:00
db:	NVD	id:	CVE-2022-33928	date:	2022-08-13T00:12:57.457

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-426120	date:	2022-08-10T00:00:00
db:	JVNDB	id:	JVNDB-2022-014405	date:	2023-09-19T00:00:00
db:	CNNVD	id:	CNNVD-202208-2727	date:	2022-08-10T00:00:00
db:	NVD	id:	CVE-2022-33928	date:	2022-08-10T17:15:08.987