Vulnerability Description
Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability. An unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on the system with privileges of the FTP client by sending specially crafted input data to the affected system. The FTP code that contained the vulnerability has been removed.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Windows Embedded Standard Wyse Device Agent | < 14.1.2.9 |
| Dell | Wyse Thinlinux Hagent | < 5.4.55_00.10 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/107376Third Party Advisory
- https://www.dell.com/support/article/us/en/19/sln316391PatchVendor Advisory
- http://www.securityfocus.com/bid/107376Third Party Advisory
- https://www.dell.com/support/article/us/en/19/sln316391PatchVendor Advisory
FAQ
What is CVE-2019-3712?
CVE-2019-3712 is a vulnerability with a CVSS score of 8.2 (HIGH). Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability. An unauthenticated attacker may potentially...
How severe is CVE-2019-3712?
CVE-2019-3712 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-3712?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Windows Embedded Standard Wyse Device Agent, Dell Wyse Thinlinux Hagent.