Sign-up

ID

VAR-202104-0673


CVE

CVE-2021-21532


TITLE

Dell Wyse ThinOS  Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-005294

DESCRIPTION

Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management server, thus allowing the attacker to change the device configuration or certificate file. Dell Wyse ThinOS Is vulnerable to input validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Dell Wyse ThinOS is a dedicated operating system for Dell servers developed by Dell in the United States

Trust: 1.8

sources: NVD: CVE-2021-21532 // JVNDB: JVNDB-2021-005294 // VULHUB: VHN-379936 // VULMON: CVE-2021-21532

AFFECTED PRODUCTS

vendor:dellmodel:wyse thinosscope:eqversion:8.6

Trust: 1.0

vendor:dellmodel:wyse thinosscope:ltversion:8.6

Trust: 1.0

vendor:デルmodel:wyse thinosscope:eqversion:8.6 mr9

Trust: 0.8

vendor:デルmodel:wyse thinosscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-005294 // NVD: CVE-2021-21532

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-21532
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2021-21532
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-21532
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-069
value: MEDIUM

Trust: 0.6

VULHUB: VHN-379936
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-21532
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-21532
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-379936
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-21532
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2021-21532
baseSeverity: MEDIUM
baseScore: 5.0
vectorString: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.6
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-21532
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-379936 // VULMON: CVE-2021-21532 // JVNDB: JVNDB-2021-005294 // CNNVD: CNNVD-202104-069 // NVD: CVE-2021-21532 // NVD: CVE-2021-21532

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-16

Trust: 1.0

problemtype:Incorrect input confirmation (CWE-20) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-379936 // JVNDB: JVNDB-2021-005294 // NVD: CVE-2021-21532

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202104-069

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202104-069

PATCH

title:DSA-2021-069url:https://www.dell.com/support/kbdoc/en-us/000184665/dsa-2021-069-dell-wyse-thinos-8-6-security-update-for-an-improper-management-server-validation-vulnerabilitydsa-2021-069-dell-wyse-thinos-8-6-security-update-for-an-improper-management-server-validation-

Trust: 0.8

title:Dell Wyse ThinOS Fixes for configuration error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146616

Trust: 0.6

sources: JVNDB: JVNDB-2021-005294 // CNNVD: CNNVD-202104-069

EXTERNAL IDS

db:NVDid:CVE-2021-21532

Trust: 3.4

db:JVNDBid:JVNDB-2021-005294

Trust: 0.8

db:CNNVDid:CNNVD-202104-069

Trust: 0.6

db:VULHUBid:VHN-379936

Trust: 0.1

db:VULMONid:CVE-2021-21532

Trust: 0.1

sources: VULHUB: VHN-379936 // VULMON: CVE-2021-21532 // JVNDB: JVNDB-2021-005294 // CNNVD: CNNVD-202104-069 // NVD: CVE-2021-21532

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000184665/dsa-2021-069-dell-wyse-thinos-8-6-security-update-for-an-improper-management-server-validation-vulnerabilitydsa-2021-069-dell-wyse-thinos-8-6-security-update-for-an-improper-management-server-validation-

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-21532

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-379936 // VULMON: CVE-2021-21532 // JVNDB: JVNDB-2021-005294 // CNNVD: CNNVD-202104-069 // NVD: CVE-2021-21532

SOURCES

db:VULHUBid:VHN-379936
db:VULMONid:CVE-2021-21532
db:JVNDBid:JVNDB-2021-005294
db:CNNVDid:CNNVD-202104-069
db:NVDid:CVE-2021-21532

LAST UPDATE DATE

2024-11-23T22:11:00.829000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-379936date:2022-10-24T00:00:00
db:VULMONid:CVE-2021-21532date:2021-04-13T00:00:00
db:JVNDBid:JVNDB-2021-005294date:2021-12-10T06:57:00
db:CNNVDid:CNNVD-202104-069date:2021-04-14T00:00:00
db:NVDid:CVE-2021-21532date:2024-11-21T05:48:32.270

SOURCES RELEASE DATE

db:VULHUBid:VHN-379936date:2021-04-02T00:00:00
db:VULMONid:CVE-2021-21532date:2021-04-02T00:00:00
db:JVNDBid:JVNDB-2021-005294date:2021-12-10T00:00:00
db:CNNVDid:CNNVD-202104-069date:2021-04-02T00:00:00
db:NVDid:CVE-2021-21532date:2021-04-02T22:15:13.410