Vulnerability Description
Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the affected system.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 10 | <= 2019 |
| Dell | Wyse 5070 Thin Client | - |
| Dell | Wyse 5470 All-In-One Thin Client | - |
| Dell | Wyse 5470 Thin Client | - |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/kbdoc/en-us/000186134/dsa-2021-096-dell-wyse-windowPatchVendor Advisory
- https://www.dell.com/support/kbdoc/en-us/000186134/dsa-2021-096-dell-wyse-windowPatchVendor Advisory
FAQ
What is CVE-2021-21552?
CVE-2021-21552 is a vulnerability with a CVSS score of 5.2 (MEDIUM). Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit...
How severe is CVE-2021-21552?
CVE-2021-21552 has been rated MEDIUM with a CVSS base score of 5.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-21552?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 10, Dell Wyse 5070 Thin Client, Dell Wyse 5470 All-In-One Thin Client, Dell Wyse 5470 Thin Client.