CVE-2022-34402

Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. An admin privilege attacker could potentially exploit this vulnerability, leading to denial-of-service.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000203376/dsa-2022-247-dell-wyse-thinos-security-update-for-a-regular-expression-vulnerability	Patch Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000203376/dsa-2022-247-dell-wyse-thinos-security-update-for-a-regular-expression-vulnerability	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dell:wyse_thinos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:dell:latitude_3420:-:::::::*
	cpe:2.3:h:dell:optiplex_3000_thin_client:-:::::::*
	cpe:2.3:h:dell:wyse_3040_thin_client:-:::::::*
	cpe:2.3:h:dell:wyse_5070_thin_client:-:::::::*
	cpe:2.3:h:dell:wyse_5470_all-in-one_thin_client:-:::::::*
	cpe:2.3:h:dell:wyse_5470_mobile_thin_client:-:::::::*

History

21 Nov 2024, 07:09

Type	Values Removed	Values Added
References	~~() https://www.dell.com/support/kbdoc/en-us/000203376/dsa-2022-247-dell-wyse-thinos-security-update-for-a-regular-expression-vulnerability - Patch, Vendor Advisory~~	() https://www.dell.com/support/kbdoc/en-us/000203376/dsa-2022-247-dell-wyse-thinos-security-update-for-a-regular-expression-vulnerability - Patch, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~4.9~~	v2 : unknown v3 : 6.8

21 Jul 2023, 18:19

Type	Values Removed	Values Added
CWE	~~CWE-697~~	CWE-1333

Information

Published : 2022-10-10 21:15

Updated : 2024-11-21 07:09

NVD link : CVE-2022-34402

Mitre link : CVE-2022-34402

CVE.ORG link : CVE-2022-34402

JSON object : View

Products Affected

dell

wyse_5470_mobile_thin_client
latitude_3420
wyse_thinos
optiplex_3000_thin_client
wyse_5470_all-in-one_thin_client
wyse_3040_thin_client
wyse_5070_thin_client

CWE

CWE-1333

Inefficient Regular Expression Complexity

{"id": "CVE-2022-34402", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2022-10-10T21:15:11.067", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000203376/dsa-2022-247-dell-wyse-thinos-security-update-for-a-regular-expression-vulnerability", "tags": ["Patch", "Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.dell.com/support/kbdoc/en-us/000203376/dsa-2022-247-dell-wyse-thinos-security-update-for-a-regular-expression-vulnerability", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-1333"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1333"}]}], "descriptions": [{"lang": "en", "value": "Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. An admin privilege attacker could potentially exploit this vulnerability, leading to denial-of-service."}, {"lang": "es", "value": "Dell Wyse ThinOS versi\u00f3n 2205, contiene una vulnerabilidad de Denegaci\u00f3n de Servicio por Expresi\u00f3n Regular en la Interfaz de Usuario. Un atacante con privilegios de administrador podr\u00eda explotar esta vulnerabilidad, conllevando a una denegaci\u00f3n de servicio"}], "lastModified": "2024-11-21T07:09:27.007", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:wyse_thinos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFBCEFF3-9A1E-46C9-9CF5-F04B67839075", "versionEndExcluding": "9.3.2102"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:latitude_3420:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7FB6E60F-F100-42BF-BC38-A38620EF8D2C"}, {"criteria": "cpe:2.3:h:dell:optiplex_3000_thin_client:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1C4B0B6B-7740-46D0-9FE0-3AFF8D9B4DDA"}, {"criteria": "cpe:2.3:h:dell:wyse_3040_thin_client:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EE7CF2EF-93B1-4026-B923-3E08324245BD"}, {"criteria": "cpe:2.3:h:dell:wyse_5070_thin_client:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C1664E2E-057D-4A8F-B8FC-73EC25D48DBC"}, {"criteria": "cpe:2.3:h:dell:wyse_5470_all-in-one_thin_client:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3929B7A4-D181-4258-8722-57A751DB4CCC"}, {"criteria": "cpe:2.3:h:dell:wyse_5470_mobile_thin_client:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1D9B6263-FF2F-428D-971B-48029951E62B"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security_alert@emc.com"}