Security News > 2020 > December > Critical Bugs in Dell Wyse Thin Clients Allow Code Execution, Client Takeovers
Dell has patched two critical security vulnerabilities in its Dell Wyse Thin Client Devices, which are small form-factor computers optimized for connecting to a remote desktop.
The bugs allow arbitrary code execution and the ability to access files and credentials, researchers said.
In the U.S. alone, more than 6,000 companies and organizations are using Dell Wyse thin clients inside their network, with many of these being healthcare providers, according to researchers at CyberMDX, who discovered the flaws.
As for how many devices are potentially impacted, it's unclear - but Dell has said in the past that there are "Millions" of Dell Wyse Thin Clients deployed within organizations.
All Dell Wyse Thin Clients running ThinOS versions 8.6 and below are affected.
News URL
https://threatpost.com/critical-bugs-dell-wyse-thin-clients/162452/
Related news
- Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution (source)
- Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk (source)
- Patch now: Critical Nvidia bug allows container escape, complete host takeover (source)
- Critical flaw in NVIDIA Container Toolkit allows full host takeover (source)
- Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications (source)