Vulnerability Details : CVE-2018-15781
The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decrypt locally stored cipher text.
Products affected by CVE-2018-15781
- cpe:2.3:a:dell:wyse_thinlinux:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-15781
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 46 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-15781
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.9
|
HIGH | AV:A/AC:M/Au:N/C:C/I:C/A:C |
5.5
|
10.0
|
NIST | |
8.0
|
HIGH | CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.1
|
5.9
|
NIST | |
7.9
|
HIGH | CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |
1.2
|
6.0
|
Dell |
CWE ids for CVE-2018-15781
-
The product contains hard-coded credentials, such as a password or cryptographic key.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-15781
-
https://www.dell.com/support/article/SLN316104
Access DeniedPatch;Vendor Advisory
Jump to