PT-2022-15883 · Dell · Dell Wyse Management Suite

Bugbounty2K20

Published

2022-04-01

Updated

2022-04-09

CVE-2022-23155

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Dell Wyse Management Suite versions 2.0 through 3.5.2

Description The issue is related to an unrestricted file upload vulnerability. A malicious user with admin privileges can exploit this vulnerability to execute arbitrary code on the system.

Recommendations For Dell Wyse Management Suite versions 2.0 through 3.5.2, consider restricting admin privileges and access to file upload functionality until a patch is available. As a temporary workaround, consider disabling file upload functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2022-23155

Affected Products

Dell Wyse Management Suite

PT-2022-15883 · Dell · Dell Wyse Management Suite

CVE-2022-23155

Weakness Enumeration

Related Identifiers

Affected Products

References · 5