CVE-2024-42427

Summary

Dell ThinOS versions 2402 and 2405, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of privileges.

Affected Software

VendorProductVersion RangeStatus
DellWyse Proprietary OS (Modern ThinOS)Dell ThinOS 2402affected
DellWyse Proprietary OS (Modern ThinOS)Dell ThinOS 2405affected

Weaknesses

  • CWE-77: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References