CVE-2019-3712

HIGH

Dell WES Wyse Device Agent < 14.1.2.9 & ThinLinux HAgent < 5.4.55_00.10 - Unauthenticated Buffer Overflow

Title source: llm
STIX 2.1

Description

Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability. An unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on the system with privileges of the FTP client by sending specially crafted input data to the affected system. The FTP code that contained the vulnerability has been removed.

References (2)

Core 2
Core References
Third Party Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/107376
Patch, Vendor Advisory x_refsource_misc
https://www.dell.com/support/article/us/en/19/sln316391

Scores

CVSS v3 8.2
EPSS 0.0015
EPSS Percentile 35.5%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L

Details

CWE
CWE-119
Status published
Products (2)
dell/windows_embedded_standard_wyse_device_agent < 14.1.2.9
dell/wyse_thinlinux_hagent < 5.4.55_00.10
Published Mar 07, 2019
Tracked Since Feb 18, 2026