Highly critical vulnerabilities existed in Dell Wyse Thin client devices. As discovered, exploiting these bugs could let an adversary take over target devices.
Dell Wyse Thin Client Vulnerabilities
Researchers from CyberMDX found highly critical vulnerabilities in Dell Wyse Thin client devices. Specifically, they found two different vulnerabilities in the devices that could allow an attacker to take control of target devices.
These two vulnerabilities, CVE-2020-29491 and CVE-2020-29492, earned a critical severity rating with a score of 10 – the highest.
Dell Wyse Thin clients are basically small devices that facilitate establishing remote connections with other hardware, including the more resourceful ones. In this way, the devices help in system maintenance with reduced cost and power requirements.
Regarding the vulnerabilities, the researchers observed that the configuration file important for establishing remote connections was not secure. As stated,
When a Dell Wyse device connects to the FTP server it searches for an INI file in the form of “{username}.ini” where {username} is replaced with the username used by the terminal.
If this INI file exists, it loads the configuration from it. As noted, this file is writable, so it can be created and manipulated by an attacker to control the configuration received by a specific user.
Elaborating their findings in a post, they stated that the vulnerabilities affected all Dell Wyse Thin Clients running ThinOS versions 8.6 and earlier.
Regarding the possible exploitation scenarios, the researchers explained,
The INI files contain a long list of configurable parameters… Reading or altering those parameters opens the door to a variety of attack scenarios. Configuring and enabling VNC for full remote control, leaking remote desktop credentials, and manipulating DNS results are some of the scenarios to be aware of.
Dell Patched The Flaws
Upon finding the bugs, the researchers reported the matter to Dell. Following their report, Dell patched the vulnerabilities and explained mitigations for the users in their advisory. These include updating the vulnerable devices as well as securing the file server environment with HTTPS.