Wyse Management Suite
CVE-2024-49597
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.
AnalysisAI
Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Attempts vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-307. Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Affected products include: Dell Wyse Management Suite.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Wyse Management Suite
View allRemote code execution affects Dell Wyse Management Suite in all versions prior to WMS 5.5 HF1, stemming from the applica
Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticat
Dell Wyse Management Suite versions prior to 5.5 suffer from improper access controls that allow authenticated remote at
Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. Rated high sever
Dell Wyse Management Suite versions prior to 5.2 contain an Absolute Path Traversal vulnerability (CWE-36) that allows u
Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Rated high severity (CVS
Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Querie
A information disclosure vulnerability in an Exposure of Sensitive Information (CVSS 7.5). High severity vulnerability r
Dell Wyse Management Suite 3.6.1 and below contains Information Disclosure in Devices error pages. Rated high severity (
Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 whi
Remote code execution in Dell Wyse Management Suite (versions prior to WMS 5.5 HF1) is reachable through a path traversa
Remote code execution in Dell Wyse Management Suite versions before 5.5 via unrestricted file upload allows high-privile
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today