Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0695

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2009-0695
Last Modified 26 Jun 2012 12:00:00
Published 19 Jun 2012 04:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-0695

Summary

hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action.

Vulnerable Systems

Application

  • Dell Wyse Device Manager 4.7.0

  • Dell Wyse Device Manager 4.7.1

  • Dell Wyse Device Manager 4.7.2


References

CERT-VN - VU#654545

MISC - http://www.wyse.com/serviceandsupport/Wyse%20Security%20Bulletin%20WSB09-01.pdf

MISC - http://www.theregister.co.uk/2009/07/10/wyse_remote_exploit_bugs/

EXPLOIT-DB - 19137

FULLDISC - 20090710 'Secure' Wyse thin clients vulnerable to remote exploit bugs


Last Updated: 27 May 2016 10:56:32