EUVD-2026-33979
GHSA-54h6-7v4f-8wp6
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Privilege Escalation.
AnalysisAI
Local privilege escalation in Dell ThinOS 10 versions prior to ThinOS10 2602_10.0765 allows a low-privileged user with local access to elevate to higher privileges due to improper access control (CWE-284). The CVSS 3.1 base score of 7.8 reflects high impact on confidentiality, integrity, and availability, though exploitation requires existing local foothold. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Inventory all Dell thin clients running ThinOS 10 versions prior to 2602_10.0765; restrict local and physical console access to authorized administrators only; disable or remove non-essential local user accounts on affected systems. Within 7 days: Deploy privileged activity logging on affected devices; notify affected business units of risk status and interim controls; establish contact with Dell support. …
Sign in for detailed remediation steps.
More from same product – last 7 days
Denial of service in FreeIPMI versions before 1.16.18 allows remote attackers to crash the ipmi-oem client by sending ma
Denial of service in Dell BSAFE SSL-J allows unauthenticated remote attackers to exhaust resources on systems using the
Physical access to Dell ThinOS 10 endpoints running versions prior to ThinOS10 2602_10.0765 allows an unauthenticated at
Share
External POC / Exploit Code
Leaving vuln.today