CVE-2022-34402

Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. An admin privilege attacker could potentially exploit this vulnerability, leading to denial-of-service.

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000203376/dsa-2022-247-dell-wyse-thinos-security-update-for-a-regular-expression-vulnerability	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dell:wyse_thinos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:dell:latitude_3420:-:::::::*
	cpe:2.3:h:dell:optiplex_3000_thin_client:-:::::::*
	cpe:2.3:h:dell:wyse_3040_thin_client:-:::::::*
	cpe:2.3:h:dell:wyse_5070_thin_client:-:::::::*
	cpe:2.3:h:dell:wyse_5470_all-in-one_thin_client:-:::::::*
	cpe:2.3:h:dell:wyse_5470_mobile_thin_client:-:::::::*

History

21 Jul 2023, 18:19

Type	Values Removed	Values Added
CWE	~~CWE-697~~	CWE-1333

12 Oct 2022, 18:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-10-10 21:15

Updated : 2024-02-04 22:51

NVD link : CVE-2022-34402

Mitre link : CVE-2022-34402

CVE.ORG link : CVE-2022-34402

JSON object : View

Products Affected

dell

latitude_3420
wyse_5470_mobile_thin_client
wyse_thinos
wyse_3040_thin_client
wyse_5470_all-in-one_thin_client
wyse_5070_thin_client
optiplex_3000_thin_client

CWE

CWE-1333

Inefficient Regular Expression Complexity

{"id": "CVE-2022-34402", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.3}]}, "published": "2022-10-10T21:15:11.067", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000203376/dsa-2022-247-dell-wyse-thinos-security-update-for-a-regular-expression-vulnerability", "tags": ["Patch", "Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1333"}]}, {"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-1333"}]}], "descriptions": [{"lang": "en", "value": "Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. An admin privilege attacker could potentially exploit this vulnerability, leading to denial-of-service."}, {"lang": "es", "value": "Dell Wyse ThinOS versi\u00f3n 2205, contiene una vulnerabilidad de Denegaci\u00f3n de Servicio por Expresi\u00f3n Regular en la Interfaz de Usuario. Un atacante con privilegios de administrador podr\u00eda explotar esta vulnerabilidad, conllevando a una denegaci\u00f3n de servicio"}], "lastModified": "2023-07-21T18:19:17.850", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:wyse_thinos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFBCEFF3-9A1E-46C9-9CF5-F04B67839075", "versionEndExcluding": "9.3.2102"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:latitude_3420:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7FB6E60F-F100-42BF-BC38-A38620EF8D2C"}, {"criteria": "cpe:2.3:h:dell:optiplex_3000_thin_client:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1C4B0B6B-7740-46D0-9FE0-3AFF8D9B4DDA"}, {"criteria": "cpe:2.3:h:dell:wyse_3040_thin_client:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EE7CF2EF-93B1-4026-B923-3E08324245BD"}, {"criteria": "cpe:2.3:h:dell:wyse_5070_thin_client:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C1664E2E-057D-4A8F-B8FC-73EC25D48DBC"}, {"criteria": "cpe:2.3:h:dell:wyse_5470_all-in-one_thin_client:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3929B7A4-D181-4258-8722-57A751DB4CCC"}, {"criteria": "cpe:2.3:h:dell:wyse_5470_mobile_thin_client:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1D9B6263-FF2F-428D-971B-48029951E62B"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security_alert@emc.com"}