Major security flaws found in Dell Wyse ThinOS

Occurrence of technical issues are very common when any sort of system or device is developed. According to recent findings two critical vulnerabilities have been found in Dell’s Wyse thin clients. These vulnerabilities could easily be exploited by an attacker to run malicious code and gain access to arbitrary files.

As compared to old PCs, now small form factor PCs have grown more powerful. In recent years, a lot of organizations more commonly the ones in healthcare industry have turned to thin clients in order to fulfill their computing needs.

Why do they choose thin clients?

Many organizations choose to turn to thin clients because they take up far less space than a traditional desktop PC. Dell Wyse thin clients are one of the popular choices among enterprises and it’s estimated that over 6,000 organizations have deployed them on their networks, hence network monitoring is an added factor that all enterprises needs.

Dell ships two critical vulnerabilities, tracked as CVE-2020-29492 and CVE-2020-29491, reside in its OS. ThinOS can also be kept remotely and the Austin-based company mentions that users set up an FTP server for its Wyse devices in order to download updates including firmware, packages and configurations.

However, according to cybersecurity firm CyberMDX, which focuses on the healthcare sector, found that accessing almost a dozen Dell Wyse thin clients via FTP was possible with no credentials by using an anonymous user profile. According to their findings only the firmware and packages are signed which clearly means that an attacker can use the INI configuration files to target vulnerable machines.

In recent times, we all are facing malware, cyberattacks and really wants our websites and confidential files to be protected from attackers. IT Consultants are always working for better IT solutions along with providing technical support to their clients.

FTP access is possible without credentials on some Dell Wyze thin clients

Share it on Social Media: