Thin Client News – Dell Wyse scores two perfect 10 security flaws

By | December 21, 2020

 

Dell Wyse Thin OS Thin Client Security Flaws

Dell Wyse Thin OS Thin Client Security Flaws

Dell Thin Client From the Register Dec 2020

Dell, which pitches its Wyse ThinOS as “the most secure thin client operating system,” plans to publish an advisory on Monday for two security vulnerabilities that are as bad as they could possibly be.

CVE-2020-29491 and CVE-2020-29492 are both critical flaws, managing a perfect (although unwelcome) CVSS score of 10 out of 10. The vulnerabilities, which affect all Dell Wyse Thin Clients running ThinOS versions 8.6 or earlier, allow more or less anyone to remotely run malicious code and to access arbitrary files on vulnerable devices.

The issues were identified by security biz CyberMDX, which said in its disclosure, “The profound potential impact of these vulnerabilities coupled with the relative ease of exploitation is what makes them so critical.”

“We encourage customers to apply the remediations and follow the best practices described in the Dell Security Advisory (DSA-2020-281),” a Dell spokesperson told The Register in an email. “The security of our products is critical to helping ensure our customers’ data and systems are protected.”

Author: Thin Client

Craig Allen Keefner is an industry analyst, content strategist, and longtime authority on self-service kiosks, digital signage, unattended payment systems, and interactive technology. He manages content and industry strategy for Kiosk Industry and The Industry Group, with a focus on kiosk software, hardware-software integration, accessibility, payment compliance, healthcare kiosks, restaurant self-service, and emerging AI automation. Craig has covered the self-service and kiosk industry since the 1990s, tracking how public-facing terminals move from concept to field deployment. His work combines industry research, vendor analysis, operator conversations, standards tracking, trade show coverage, and practical experience with the real-world constraints of kiosk deployments. https://www.linkedin.com/in/kiosk