Vulnerability Details: CVE-2022-34402
Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service vulnerability in the UI. An attacker with admin privileges could potentially exploit this vulnerability, leading to denial of service.
Vulnerability category: Denial of service
Products affected by CVE-2022-34402
- cpe:2.3:o:dell:wyse_thinos:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-34402
- Probability of exploitation activity in the next 30 days: 0.08%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~34%
CVSS scores for CVE-2022-34402
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 | NIST | |
6.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H | 2.3 | 4.0 | Dell | |
CWE ids for CVE-2022-34402
- The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses. Assigned by: nvd@nist.gov (Primary)
- The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. Assigned by: nvd@nist.gov (Primary), security_alert@emc.com (Secondary)
References for CVE-2022-34402
- https://www.dell.com/support/kbdoc/en-us/000203376/dsa-2022-247-dell-wyse-thinos-security-update-for-a-regular-expression-vulnerability
  DSA-2022-247: Dell Wyse ThinOS Security Update for a Regular Expression Vulnerability | Dell Nederland (Patch; Vendor Advisory)