PT-2019-16659 · Dell · Dell Wyse Thinlinux Hagent+1

Published

2019-03-07

Updated

2019-10-09

CVE-2019-3712

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dell WES Wyse Device Agent versions prior to 14.1.2.9 Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10

Description The issue is related to a buffer overflow that can be exploited by an unauthenticated attacker to execute arbitrary code on the system with privileges of the FTP client. This can be achieved by sending specially crafted input data to the affected system. The vulnerable FTP code has been removed.

Recommendations For Dell WES Wyse Device Agent versions prior to 14.1.2.9, update to version 14.1.2.9 or later to resolve the issue. For Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10, update to version 5.4.55 00.10 or later to resolve the issue.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2019-3712

Affected Products

Dell Wes Wyse Device Agent

Dell Wyse Thinlinux Hagent

PT-2019-16659 · Dell · Dell Wyse Thinlinux Hagent+1

CVE-2019-3712

Weakness Enumeration

Related Identifiers

Affected Products

References · 4