PT-2021-21239 · Dell · Dell Wyse Management Suite

Published

2021-12-21

Updated

2021-12-27

CVE-2021-36337

CVSS v3.1

7.4

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Dell Wyse Management Suite versions 3.3.1 and prior

Description The issue concerns the support of insecure Transport Security Protocols, specifically TLS 1.0 and TLS 1.1, which are susceptible to Man-In-The-Middle attacks. This compromises the Confidentiality and Integrity of data.

Recommendations For Dell Wyse Management Suite versions 3.3.1 and prior, consider disabling the use of TLS 1.0 and TLS 1.1 protocols to minimize the risk of exploitation. Restrict access to sensitive data until a secure protocol, such as TLS 1.2 or later, is supported and enabled. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Inadequate Encryption Strength

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-326

Related Identifiers

CVE-2021-36337

Affected Products

Dell Wyse Management Suite

PT-2021-21239 · Dell · Dell Wyse Management Suite

CVE-2021-36337

Weakness Enumeration

Related Identifiers

Affected Products

References · 3