Details of VAR-201903-0148

ID

VAR-201903-0148

CVE

CVE-2019-3712

TITLE

Dell WES Wyse Device Agent and Dell Wyse ThinLinux HAgent Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-002616

DESCRIPTION

Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability. An unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on the system with privileges of the FTP client by sending specially crafted input data to the affected system. The FTP code that contained the vulnerability has been removed. Failed exploit attempts may result in denial-of-service conditions

Trust: 1.98

sources: NVD: CVE-2019-3712 // JVNDB: JVNDB-2019-002616 // BID: 107376 // VULHUB: VHN-155147

AFFECTED PRODUCTS

vendor:	dell	model:	windows embedded standard wyse device agent	scope:	lt	version:	14.1.2.9	Trust: 1.0
vendor:	dell	model:	wyse thinlinux hagent	scope:	lt	version:	5.4.55_00.10	Trust: 1.0
vendor:	dell	model:	wes wyse device agent	scope:	lt	version:	14.1.2.9	Trust: 0.8
vendor:	dell	model:	wyse thinlinux hagent	scope:	lt	version:	5.4.55 00.10	Trust: 0.8
vendor:	dell	model:	wyse thinlinux hagent	scope:	eq	version:	0	Trust: 0.3
vendor:	dell	model:	wes wyse device agent	scope:	eq	version:	0	Trust: 0.3
vendor:	dell	model:	wyse thinlinux hagent	scope:	ne	version:	5.4.5500.10	Trust: 0.3
vendor:	dell	model:	wes wyse device agent	scope:	ne	version:	14.1.2.9	Trust: 0.3

sources: BID: 107376 // JVNDB: JVNDB-2019-002616 // NVD: CVE-2019-3712

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-3712
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2019-3712
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-3712
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201903-212
value:	HIGH
Trust: 0.6
VULHUB:	VHN-155147
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-3712
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-155147
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-3712
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8
security_alert@emc.com:	CVE-2019-3712
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	1.6
impactScore:	6.0
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-155147 // JVNDB: JVNDB-2019-002616 // CNNVD: CNNVD-201903-212 // NVD: CVE-2019-3712 // NVD: CVE-2019-3712

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-155147 // JVNDB: JVNDB-2019-002616 // NVD: CVE-2019-3712

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201903-212

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201903-212

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002616

PATCH

title:	Dell Wyseデバイスエージェントのバッファーオーバーフローの脆弱性	url:	https://www.dell.com/support/article/us/en/19/sln316391	Trust: 0.8
title:	Dell WES Wyse Device Agent and Dell Wyse ThinLinux HAgent Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89877	Trust: 0.6

sources: JVNDB: JVNDB-2019-002616 // CNNVD: CNNVD-201903-212

EXTERNAL IDS

db:	NVD	id:	CVE-2019-3712	Trust: 2.8
db:	BID	id:	107376	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-002616	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-212	Trust: 0.7
db:	VULHUB	id:	VHN-155147	Trust: 0.1

sources: VULHUB: VHN-155147 // BID: 107376 // JVNDB: JVNDB-2019-002616 // CNNVD: CNNVD-201903-212 // NVD: CVE-2019-3712

REFERENCES

url:	http://www.securityfocus.com/bid/107376	Trust: 2.3
url:	https://www.dell.com/support/article/us/en/19/sln316391	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3712	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3712	Trust: 0.8
url:	http://dell.com	Trust: 0.3
url:	https://www.dell.com/support/article/ie/en/iedhs1/sln316391/dsa-2019-039-dell-wyse-device-agent-buffer-overflow-vulnerability?lang=en	Trust: 0.3

sources: VULHUB: VHN-155147 // BID: 107376 // JVNDB: JVNDB-2019-002616 // CNNVD: CNNVD-201903-212 // NVD: CVE-2019-3712

CREDITS

Jason Larsen of IOActive.

Trust: 0.9

sources: BID: 107376 // CNNVD: CNNVD-201903-212

SOURCES

db:	VULHUB	id:	VHN-155147
db:	BID	id:	107376
db:	JVNDB	id:	JVNDB-2019-002616
db:	CNNVD	id:	CNNVD-201903-212
db:	NVD	id:	CVE-2019-3712

LAST UPDATE DATE

2024-11-23T23:08:27.027000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-155147	date:	2019-10-09T00:00:00
db:	BID	id:	107376	date:	2019-03-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-002616	date:	2019-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201903-212	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2019-3712	date:	2024-11-21T04:42:23.080

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-155147	date:	2019-03-07T00:00:00
db:	BID	id:	107376	date:	2019-03-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-002616	date:	2019-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201903-212	date:	2019-03-07T00:00:00
db:	NVD	id:	CVE-2019-3712	date:	2019-03-07T18:29:00.320