Описание
Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.
Ссылки
- Vendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2411 (включая)
Одновременно
cpe:2.3:o:dell:thinos:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:dell:latitude_3420:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_3440:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5440:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5450:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_3000_thin_client:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_5400_all-in-one:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7410_all-in-one:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7420_all-in-one:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:wyse_5070_thin_client:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:wyse_5470_all-in-one_thin_client:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:wyse_5470_mobile_thin_client:-:*:*:*:*:*:*:*
EPSS
Процентиль: 14%
0.00045
Низкий
7.8 High
CVSS3
Дефекты
CWE-77
Связанные уязвимости
CVSS3: 7.8
github
11 месяцев назад
Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.
EPSS
Процентиль: 14%
0.00045
Низкий
7.8 High
CVSS3
Дефекты
CWE-77