Dell Wyse ThinOS Vulnerabilities Overview

This report is about two high-value vulnerabilities affecting Dell Wyse ThinOS. The Dell thin client vulnerabilities allow remote attackers the possibility to gain initial access to the network and can provide some lateral movement opportunities. There are patches available for these vulnerabilities on the vendor’s website.

Tactics, Techniques, and Procedures

The vulnerabilities have been given the identifying information of CVE-2020-29491 and CVE-2020-29492 respectively. CVE-2020-29491 and CVE-2020-29492 affect thin clients running Dell Wyse ThinOS 8.6 MR8.

CVE-2020-29491 is caused by an unsecured default configuration that allows a remote unauthenticated attacker to gather sensitive information on the local network. This may provide the attacker with the option to compromise the vulnerable thin clients.

CVE-2020-29492 is caused by an insecure default configuration that allows a remote unauthenticated attacker to access a writable file which can be used to manipulate the configuration of that specific thin client.

Business Unit Impact

  • May provide a foothold for the bad actor to perform the lateral movement in the environment and launch future attacks
  • Could result in the compromise of computers in the network
  • May allow for reconnaissance and intelligence operations on the network architecture


It is highly encouraged that you implement the vendor patch linked below and ensure that outside access to the thin clients on the network is limited so as to reduce the likelihood of successful exploitation.

Learn about Avertium's vulnerability management-as-a-service


Supporting Documentation

Vendor Patch:

MITRE Mapping(s):

Note: The Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by the Avertium CyberOps Team, this report will outline a “top-of-mind” threat and how it ought to be addressed accordingly.

This informed analysis is based on the latest data available.

Chat With One of Our Experts

CVE-2020-29492 Threat Report Dell thinOS CVE-2020-29491 vulnerability management Threat Detection and Response Blog