CVE-2021-21598 : Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Informatio

Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnerability. An authenticated attacker with physical access to the system could exploit this vulnerability to read sensitive Smartcard data in log files.

Published 2021-08-10 19:15:07

Updated 2021-08-23 17:16:36

Source Dell

View at NVD, CVE.org

Products affected by CVE-2021-21598

Dell » Wyse Thinos » Version: 9.0
cpe:2.3:o:dell:wyse_thinos:9.0:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Wyse 3040 Thin Client » Version: N/A
When used together with: Dell » Wyse 5070 Thin Client » Version: N/A
When used together with: Dell » Wyse 5470 Thin Client » Version: N/A
Dell » Wyse Thinos » Version: 9.1
cpe:2.3:o:dell:wyse_thinos:9.1:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Wyse 3040 Thin Client » Version: N/A
When used together with: Dell » Wyse 5070 Thin Client » Version: N/A
When used together with: Dell » Wyse 5470 Thin Client » Version: N/A
Dell » Wyse Thinos » Version: 9.1 Update MR1
cpe:2.3:o:dell:wyse_thinos:9.1:mr1:*:*:*:*:*:*
Matching versions
When used together with: Dell » Wyse 3040 Thin Client » Version: N/A
When used together with: Dell » Wyse 5070 Thin Client » Version: N/A
When used together with: Dell » Wyse 5470 Thin Client » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2021-21598

EPSS FAQ

0.13%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 29 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-21598

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
3.9	LOW	CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	0.3	3.6	NIST
Attack Vector: Physical Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
3.9	LOW	CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	0.3	3.6	Dell
Attack Vector: Physical Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2021-21598

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

Assigned by: security_alert@emc.com (Primary)

References for CVE-2021-21598

https://www.dell.com/support/kbdoc/000189543

DSA-2021-144: Dell Wyse ThinOS Security Update for Multiple Vulnerabilities | Dell Nederland
Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-21598

Products affected by CVE-2021-21598

Exploit prediction scoring system (EPSS) score for CVE-2021-21598

CVSS scores for CVE-2021-21598

CWE ids for CVE-2021-21598

References for CVE-2021-21598