Unrated severity · NVD Advisory · Published Nov 26, 2024 · Updated Nov 26, 2024

CVE-2024-49597

Description

Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Dell Wyse Management Suite versions 4.4 and prior fail to restrict excessive authentication attempts, allowing a high-privileged remote attacker to bypass protection mechanisms and access sensitive data.

Vulnerability

Dell Wyse Management Suite (WMS) versions 4.4 and prior contain an improper restriction of excessive authentication attempts vulnerability. The software does not adequately limit the number of failed login attempts, enabling an attacker to perform brute-force or replay attacks without triggering account lockout or rate limiting. This flaw exists in the authentication mechanism of the WMS web interface.

Exploitation

An attacker with high privileges (e.g., an authenticated administrator) can remotely exploit this vulnerability by sending a large number of authentication requests in a short period. The lack of rate limiting allows the attacker to bypass the intended protection mechanism, such as account lockout policies. No user interaction is required, and the attack can be carried out over the network.

Impact

Successful exploitation leads to a bypass of authentication protections, potentially allowing the attacker to gain unauthorized access to sensitive data. The CVSS vector indicates high confidentiality impact and low availability impact, with a scope change (S:C) meaning the compromised component affects resources beyond its original scope. The attacker may be able to access or exfiltrate confidential information managed by the WMS.

Mitigation

Dell has released a security update as part of DSA-2024-440 [1]. The fix is included in WMS version 4.5 or later. Users should upgrade to the latest version to remediate this vulnerability. No workarounds are documented. The CVE is not listed in the KEV catalog as of publication.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

1
