VYPR
Unrated severity · NVD Advisory · Published Jul 15, 2021 · Updated Sep 17, 2024

CVE-2021-21586

Description

Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files on the system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Absolute path traversal in Dell Wyse Management Suite ≤3.2 allows authenticated remote attackers to read arbitrary files.

Vulnerability

Dell Wyse Management Suite (WMS) versions 3.2 and earlier contain an absolute path traversal vulnerability. The flaw exists in the web application component, where insufficient input validation allows an authenticated remote attacker to specify arbitrary file paths. This enables reading files outside the intended web root directory. The vulnerability is identified as CVE-2021-21586 and has a CVSS base score of 8.1 [1].

Exploitation

An attacker must have valid authentication credentials for the WMS web interface and network access to the management server. Exploitation involves sending a crafted HTTP request that includes an absolute path (e.g., C:\Windows\win.ini or /etc/passwd) in a parameter that is used to retrieve files. No user interaction is required beyond the initial authentication. The attacker can then read the contents of arbitrary files on the server's file system [1].
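The kind of input validation whose absence the text describes, shown beside the weak pattern it replaces. This is an added example, not Dell's code and not part of the advisory; BASE_DIR and all function names are hypothetical, and the sample inputs are constructed.

```python
import os
from pathlib import Path, PurePosixPath, PureWindowsPath

BASE_DIR = "/srv/app-files"  # hypothetical served directory, not a WMS path


class UnsafePath(ValueError):
    """The requested name would resolve outside the served directory."""


def naive_resolve(base: str, requested: str) -> str:
    # Weak pattern: os.path.join() silently discards `base` when `requested`
    # is absolute, so the caller's "base directory" gives no containment.
    return os.path.join(base, requested)


def safe_resolve(base: str, requested: str) -> Path:
    if not requested or "\x00" in requested:
        raise UnsafePath("empty name or NUL byte")
    # Reject absolute forms of both OS flavours regardless of the host OS:
    # drive letters, UNC shares, and rooted paths such as /etc/passwd.
    win = PureWindowsPath(requested)
    if win.drive or win.root or PurePosixPath(requested).is_absolute():
        raise UnsafePath(f"absolute path rejected: {requested!r}")
    # Canonicalise (follows symlinks, collapses ..) and check containment.
    root = Path(base).resolve()
    candidate = (root / requested).resolve()
    if root not in candidate.parents:
        raise UnsafePath(f"escapes base directory: {requested!r}")
    return candidate


def is_rejected(requested: str, base: str = BASE_DIR) -> bool:
    try:
        safe_resolve(base, requested)
    except UnsafePath:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs; the two absolute paths are the ones the text names.
    for name in ("reports/a.txt", "/etc/passwd", r"C:\Windows\win.ini", "../x"):
        print(f"{name!r:24} naive={naive_resolve(BASE_DIR, name)!r:32} "
              f"rejected={is_rejected(name)}")
```

The containment check after canonicalisation also rejects relative escapes such as ../x, so the absolute-path test is a first filter rather than the only control.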

Impact

Successful exploitation allows the attacker to read arbitrary files on the system, leading to information disclosure. This could expose sensitive configuration files, credentials, or other confidential data. The CVSS vector indicates high confidentiality impact, and the overall severity is rated high (8.1) [1].

Mitigation

Dell has released a security update to address this vulnerability. Users should upgrade to the latest version of Wyse Management Suite as specified in Dell Security Advisory DSA-2021-137 [1]. No workarounds are documented. The issue was reported by Stephen Tomkinson and David Cash of NCC Group [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

1
