CVE-2022-46676

Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A malicious admin user can disable or delete users under administration and unassigned admins for which the group admin is not authorized.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
dellwyse_management_suite
𝑥
≤ 3.8.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/en-us/000206134/dsa-2022-329-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities
https://www.dell.com/support/kbdoc/en-us/000206134/dsa-2022-329-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities