Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Local access and high privilege required per description; C:H and I:H reflect full component access via default credentials despite advisory's information-disclosure framing.
Primary rating from Vendor (dell).
CVSS Vector (Vendor: dell)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Description (CVE.org)
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain a Use of Default Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure.
Analysis (AI)
Dell Wyse Management Suite (WMS) versions prior to 2605 ship with default credentials, enabling a high-privileged local attacker to authenticate using those credentials and access sensitive information. Reported by Dell under DSA-2026-247, the flaw is classified under CWE-1392 (Use of Default Credentials) and carries a CVSS 3.1 base score of 6.0, reflecting local-only attack surface constrained by the requirement for high privilege. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires the attacker to already possess a high-privileged account with local access to the host running Dell Wyse Management Suite - the CVSS vector PR:H/AV:L is explicit on this. … |
| Risk Assessment | The vendor-assigned CVSS 3.1 score of 6.0 with vector AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N presents a notable internal inconsistency worth flagging: the description explicitly scopes impact to Information Disclosure, yet the vendor scores I:H (high integrity impact). … |
| Exploit Scenario | An attacker who has already established a high-privileged foothold on the WMS server host - via phishing, credential theft, or another vulnerability - identifies a WMS internal service or database component still using factory-default credentials. The attacker authenticates to that component using the known default credentials and extracts configuration data, managed device credentials, or other sensitive information stored within WMS. … |
| Remediation | The primary remediation is to upgrade Dell Wyse Management Suite to version WMS 2605 or later, which resolves the default credentials exposure per Dell advisory DSA-2026-247 (https://www.dell.com/support/kbdoc/en-us/000472001/dsa-2026-247). … |
EUVD-2026-38342
GHSA-qcx5-4hhw-rpvh