CVE-2021-36337

Vulnerability

Dell Wyse Management Suite versions 3.3.1 and prior support the insecure Transport Security Protocols TLS 1.0 and TLS 1.1 [1]. These protocols are susceptible to Man-In-The-Middle (MITM) attacks due to known weaknesses in their cryptographic design.

Exploitation

An attacker with network access to the traffic between a Wyse Management Suite server and its clients can perform a MITM attack if the connection uses TLS 1.0 or 1.1. The attack requires the ability to intercept and modify network traffic, and the victim must be using a protocol version that is still enabled by default or configured. No authentication is required for the attacker.

Impact

Successful exploitation allows the attacker to compromise the confidentiality and integrity of data transmitted between the server and clients. The attacker can read sensitive information (Confidentiality High) and potentially modify data in transit (Integrity Low) [1].

Mitigation

Dell has released a security update addressing this vulnerability; refer to the Dell advisory [1] for details. Users should upgrade to a version that disables TLS 1.0 and 1.1 and enforces stronger protocols such as TLS 1.2 or higher.