Dell Wyse ThinOS Vulnerabilities Overview
This report is about two high value vulnerabilities affecting Dell Wyse ThinOS. The Dell thin client vulnerabilities allow remote attackers with the possibility to gain initial access to the network and can provide some lateral movement opportunities. There are patches available for these vulnerabilities on the vendor’s website.
Tactics, Techniques and Procedures
The vulnerabilities have been given the identifying information of CVE-2020-29491 and CVE-2020-29492 respectively. CVE-2020-29491 and CVE-2020-29492 affect thin clients running Dell Wyse ThinOS 8.6 MR8.
CVE-2020-29491 is caused by an unsecure default configuration that allows a remote unauthenticated attacker to gather sensitive information on the local network. This may provide the attacker with the option to compromise the vulnerable thin clients.
CVE-2020-29492 is caused by un insecure default configuration that allows a remote unauthenticated attacker to access a writable file which can be used to manipulate the configuration of that specific thin client.
Business Unit Impact
- May provide a foothold for the bad actor to perform lateral movement in the environment and launch future attacks
- Could result in the compromise of computers in the network
- May allow for reconnaissance and intelligence operations on the network architecture
It is highly encouraged that you implement the vendor patch linked below and ensure that outside access to the thin clients on the network is limited so as to reduce the likelihood of successful exploitation.
Note: The Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by the Avertium CyberOps Team, this report will outline a “top-of-mind” threat and how it ought to be addressed accordingly.
This informed analysis is based on the latest data available.