Vulnerability Monitor


CVE-2019-3712


Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability. An unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on the system with privileges of the FTP client by sending specially crafted input data to the affected system. The FTP code that contained the vulnerability has been removed.


Published

2019-03-07T18:29:00.320

Last Modified

2024-11-21T04:42:23.080

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.2 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

6.5

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-119

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | dell | windows_embedded_standard_wyse_device_agent | < 14.1.2.9 | Yes |
| Application | dell | wyse_thinlinux_hagent | < 5.4.55_00.10 | Yes |
