CVE-2019-3712

Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability. An unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on the system with privileges of the FTP client by sending specially crafted input data to the affected system. The FTP code that contained the vulnerability has been removed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
dellCNA
8.2 HIGH
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Affected Products (NVD)
VendorProductVersion
dellwindows_embedded_standard_wyse_device_agent
𝑥
< 14.1.2.9
dellwyse_thinlinux_hagent
𝑥
< 5.4.55_00.10
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
dellwyse_device_agent
𝑥
≤ 14.1.2.9
CNA
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/107376
https://www.dell.com/support/article/us/en/19/sln316391
http://www.securityfocus.com/bid/107376
https://www.dell.com/support/article/us/en/19/sln316391