Detections
Analytics

Wyse Device Manager Buffer Overflow

critical Nessus Plugin ID 40333

Synopsis

The remote Windows host contains an application that is affected by a buffer overflow vulnerability.

Description

Wyse Device Manager is installed on the remote system. The installed version is affected by a buffer overflow vulnerability. By sending a specially crafted request to the server, it may be possible for an unauthorized attacker to crash the server or execute arbitrary commands on the remote system with system level privileges.

Solution

Apply vendor-supplied patches.

See Also

https://www.theregister.co.uk/2009/07/10/wyse_remote_exploit_bugs/

http://www.nessus.org/u?27941b3b

Plugin Details

Severity: Critical

ID: 40333

File Name: wyse_wdm_buffer_overflow.nasl

Version: 1.16

Type: local

Agent: windows

Family: Windows

Published: 7/21/2009

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:dell:wyse_device_manager

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/10/2009

Vulnerability Publication Date: 7/10/2009

Exploitable With

Metasploit (Wyse Rapport Hagent Fake Hserver Command Execution)

Reference Information

CVE: CVE-2009-0693, CVE-2009-0695

BID: 35649, 54028

CERT: 654545

Secunia: 35794