CVE-2021-21587

Vulnerability

Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability [1]. A local unauthenticated attacker can exploit this issue to obtain the path of files and folders on the system [1]. The vulnerability affects all versions up to and including 3.2 [1].

Exploitation

The attacker needs local access to the system running Wyse Management Suite [1]. No authentication is required [1]. The attacker can leverage the vulnerability to discover internal file paths, which may be used to plan further attacks [1].

Impact

Successful exploitation results in the disclosure of file and folder paths [1]. This is a low-severity information leak (CVSS 5.3) with no direct impact on integrity or availability [1]. However, the leaked paths can assist in targeted attacks, such as path traversal or file reads [1].

Mitigation

Dell has released an update to address this vulnerability; customers should upgrade to Wyse Management Suite version 3.3 or later [1]. If an immediate update is not possible, Dell recommends following general security best practices for local access controls [1].