A team of researchers today disclosed two critical security vulnerabilities discovered in Dell Wyse thin clients that could have allowed attackers to remotely execute malicious code and access arbitrary files on affected devices.
The flaws, which were uncovered by healthcare cybersecurity provider CyberMDX and reported to Dell in June 2020, affect all devices running ThinOS versions 8.6 and below.
Dell has addressed both vulnerabilities in an update released today. The issues carry a CVSS score of 10 out of 10, making them critical in severity.
Thin clients are typically computers that run from resources stored on a central server rather than a local disk drive. They work by establishing a remote connection to the server, which takes care of launching and running applications and storing the relevant data.
Tracked as CVE-2020-29491 and CVE-2020-29492, the security shortcomings in Wyse's thin clients stem from the fact that the FTP sessions used to pull firmware updates and configurations from a local server are not protected by any authentication ("anonymous"), making it possible for an attacker on the same network to read and alter the clients' configurations.
The first flaw, CVE-2020-29491, enables a user on the network to access the server and read the configurations (.ini files) belonging to other clients.
A second consequence of having no FTP credentials is that anyone on the network can access the FTP server and directly alter the .ini files holding the configuration of other thin client devices (CVE-2020-29492).
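The two conditions described above (anonymous reads of other clients' .ini files, and anonymous writes to them) leave a footprint in the FTP server's transfer log. The following audit script is an added example, not code from the article or from CyberMDX or Dell; it parses constructed log lines written in the style of vsftpd's transfer log, and the IP addresses, the `/wyse/wnos/` directory and the file names are placeholders. Thin clients legitimately fetch their own .ini anonymously, so reads are only flagged when they come from a host that is not in the known thin-client inventory, while any anonymous write to an .ini is flagged outright.

```python
import re
from dataclasses import dataclass

# One transfer-log line, vsftpd style: timestamp, pid, user, status, action, client IP
# and (for transfers) the path. For LOGIN lines the optional path group stays empty.
LOG_RE = re.compile(
    r'^(?P<ts>.+?) \[pid \d+\] \[(?P<user>[^\]]+)\] '
    r'(?P<status>OK|FAIL) (?P<action>[A-Z]+): Client "(?P<ip>[^"]+)"'
    r'(?:, "(?P<path>[^"]+)")?'
)

# Constructed sample log (placeholder addresses and paths, not real data).
SAMPLE_LOG = """\
Mon Dec 21 09:58:01 2020 [pid 2201] [anonymous] OK LOGIN: Client "10.10.5.23", anon password "mozilla@example.com"
Mon Dec 21 09:58:03 2020 [pid 2202] [anonymous] OK DOWNLOAD: Client "10.10.5.23", "/wyse/wnos/example.ini", 2048 bytes, 95.12Kbyte/sec
Mon Dec 21 09:58:09 2020 [pid 2202] [anonymous] OK UPLOAD: Client "10.10.5.23", "/wyse/wnos/example.ini", 2100 bytes, 80.00Kbyte/sec
Mon Dec 21 10:02:44 2020 [pid 2310] [anonymous] OK DOWNLOAD: Client "10.10.7.41", "/wyse/wnos/firmware.bin", 1048576 bytes, 900.00Kbyte/sec
Mon Dec 21 10:05:12 2020 [pid 2388] [wysesvc] OK UPLOAD: Client "10.10.1.9", "/wyse/wnos/example.ini", 2100 bytes, 80.00Kbyte/sec
"""

@dataclass
class Finding:
    severity: str
    ip: str
    action: str
    path: str
    reason: str

def audit_ftp_log(log_text, known_clients):
    """Return findings for anonymous sessions touching thin-client .ini files."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["status"] != "OK":
            continue  # unparseable or failed operations carry no transfer
        user, action, ip, path = m["user"], m["action"], m["ip"], m["path"] or ""
        if user != "anonymous" or not path.lower().endswith(".ini"):
            continue  # authenticated sessions and non-config files are out of scope here
        if action in ("UPLOAD", "DELETE", "RENAME"):
            # Clients only ever read their configuration; an anonymous write is never expected.
            findings.append(Finding("critical", ip, action, path,
                                    "anonymous write to a thin-client .ini (CVE-2020-29492 pattern)"))
        elif action == "DOWNLOAD" and ip not in known_clients:
            findings.append(Finding("high", ip, action, path,
                                    "anonymous .ini read from a host outside the thin-client inventory (CVE-2020-29491 pattern)"))
    return findings

if __name__ == "__main__":
    for f in audit_ftp_log(SAMPLE_LOG, known_clients={"10.10.7.41"}):
        print(f"[{f.severity}] {f.ip} {f.action} {f.path}: {f.reason}")
```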
Most damagingly, the configuration may include sensitive data, including potential passwords and account information that could be used to compromise the device.
Given the relative ease of exploiting these flaws, it is recommended that the patches be applied as soon as possible to remediate the risk.
CyberMDX also recommends updating compatible clients to ThinOS 9, which removes the INI file management feature. In the event an upgrade is not feasible, it is advised to disable the use of FTP for fetching the vulnerable files and instead rely on an HTTPS server or Wyse Management Suite.
“Reading or altering those parameters [in the .ini files] opens the door to a spread of attack scenarios,” CyberMDX researchers said. “Configuring and enabling VNC for full remote, leaking remote desktop credentials, and manipulating DNS results are a number of the scenarios to be aware of.”