Security News > 2020 > December > Critical Vulnerabilities Expose Dell Wyse Thin Client Devices to Attacks
Dell on Monday informed customers that updates released for some of its Wyse Thin Client products patch a couple of critical vulnerabilities that can be exploited remotely without authentication to compromise devices.
Dell Wyse Thin Client is a small form-factor PC series that runs an operating system named ThinOS, which Dell advertises as "The most secure thin client operating system." According to CyberMDX, there are more than 6,000 organizations using these products, including many healthcare providers, in the U.S. alone.
CyberMDX researchers noticed that the local FTP server used by Wyse Thin Client devices to obtain new firmware, packages and configurations is, by default, accessible without credentials, allowing anyone on the network to access it.
An attacker could access an INI file stored on this server that contains configuration data for thin client devices and make modifications to that file.
Dell informed customers that the vulnerabilities impact Wyse 3040, 5010, 5040, 5060, 5070, 5470 and 7010 thin client devices running ThinOS 8.6 and prior.
News URL
Related news
- Ivanti warns of another critical CSA flaw exploited in attacks (source)
- Israel’s Pager Attacks and Supply Chain Vulnerabilities (source)
- Critical Ivanti vTM auth bypass bug now exploited in attacks (source)
- Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks (source)
- Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- CUPS vulnerabilities could be abused for DDoS attacks (source)
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- Fortinet warns of new critical FortiManager flaw used in zero-day attacks (source)