Security News > 2020 > December > Critical bugs in Dell Wyse ThinOS allow thin client take over

Critical bugs in Dell Wyse ThinOS allow thin client take over
2020-12-21 12:59

Almost a dozen Dell Wyse thin client models are vulnerable to critical issues that could be exploited by a remote attacker to run malicious code and gain access to arbitrary files.

It is estimated that more than 6,000 organizations, most of them from the healthcare sector, have deployed Dell Wyse thin clients on their networks.

The vulnerabilities are in components of ThinOS, the operating system on Dell Wyse thin clients.

"Since there are no credentials, essentially anyone on the network can access the FTP server and modify that INI file holding configuration for the thin client devices"- Elad Luz.

One scenario an attacker could leverage these vulnerabilities is to read or modify parameters in the configuration file that would give them remote control over the thin device.


News URL

https://www.bleepingcomputer.com/news/security/critical-bugs-in-dell-wyse-thinos-allow-thin-client-take-over/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Dell 1678 29 437 430 109 1005