Healthcare cybersecurity provider CyberMDX says it has discovered a vulnerability in a range of Dell Wyse thin client devices, specifically those running Dell Wyse ThinOS 8.6 and prior operating systems.
An attacker could remotely run malicious code and access arbitrary files on the affected Dell Wyse thin client devices. Dell has remediated this vulnerability and details can be found in the Dell Security Advisory (DSA-2020-281) released yesterday.
“An AI/ML anomaly detection feature in the CyberMDX platform identified a common pattern of Wyse Thin Client devices periodically utilizing FTP (File Transfer Protocol) with no authentication,” CyberMDX said in a release.
“Upon further research by the research team, it was determined that FTP is used by Wyse thin clients to pull their configurations from a local server. The team further discovered that the server where the configurations are stored permits "read and write" access to its configuration files, enabling anyone within the network to read and alter them using FTP.”
According to a release, Wyse has been developing thin clients since the 1990s and was acquired by Dell in 2012.
“In the U.S. alone, it is estimated that over 6,000 companies and organizations are using Dell Wyse thin clients inside their network, with many of these being healthcare providers. The thin client devices are small form-factor computers optimized for performing a remote desktop connection to distant more resourceful hardware.
“The thin devices operate ThinOS which can be remotely maintained, and one of the most popular ways, as well as the default method, is via a local FTP server where devices pull new firmware, packages and configurations.”
“Both vulnerabilities were given CVSS scores of 10/10, reflecting the most critical severities. The first vulnerability, CVE-2020-29491, enables the user to access the configuration server and read configurations belonging to other clients.
“The configuration may include sensitive data including potential passwords and account information that could later be used to compromise the device. The second vulnerability, CVE-2020-29492, enables the user to access the server and directly alter configurations belonging to other thin clients.”
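A defender-side check for the exposure described above, added here as an example and not taken from CyberMDX or Dell: it scans FTP transfer logs for anonymous uploads (the CVE-2020-29492 condition) and for anonymous downloads of a configuration by a host other than its expected client (the CVE-2020-29491 condition). It assumes the configuration server writes the standard xferlog format; the log lines, paths, addresses and the `OWNERS` mapping are constructed.

```python
from collections import namedtuple

Xfer = namedtuple("Xfer", "host path direction access status")

# Assumption: which address is expected to fetch which config (constructed values).
OWNERS = {
    "/configs/client-21.ini": "10.0.5.21",
    "/configs/client-22.ini": "10.0.5.22",
}

# Constructed xferlog lines; hosts, paths and sizes are made up for this example.
SAMPLE_XFERLOG = """\
Mon Dec 21 09:00:01 2020 1 10.0.5.21 2048 /configs/client-21.ini a _ o a device@ ftp 0 * c
Mon Dec 21 09:00:03 2020 1 10.0.5.22 2051 /configs/client-22.ini a _ o a device@ ftp 0 * c
Mon Dec 21 11:42:17 2020 1 10.0.9.77 2051 /configs/client-22.ini a _ o a x@ ftp 0 * c
Mon Dec 21 11:43:02 2020 1 10.0.9.77 2090 /configs/client-22.ini a _ i a x@ ftp 0 * c
Mon Dec 21 12:10:44 2020 2 10.0.1.5 2100 /configs/client-21.ini a _ i r admin ftp 0 * c
"""


def parse_xferlog(line):
    """Parse one xferlog line; return None if it does not fit the format."""
    t = line.split()
    if len(t) < 18:
        return None
    # Layout: 5 date tokens, transfer time, host, size, filename, then 9 fixed
    # fields. Slicing from both ends tolerates spaces inside the filename.
    path = " ".join(t[8:-9])
    direction, access = t[-7], t[-6]  # i/o/d and a(nonymous)/g(uest)/r(eal)
    return Xfer(t[6], path, direction, access, t[-1])


def audit(log_text, owners=OWNERS):
    """Return (finding, host, path) for completed anonymous transfers of concern."""
    findings = []
    for line in log_text.splitlines():
        x = parse_xferlog(line)
        if x is None or x.access != "a" or x.status != "c":
            continue
        if x.direction == "i":
            # Unauthenticated upload: anyone on the network can alter configs.
            findings.append(("anonymous-write", x.host, x.path))
        elif x.direction == "o" and owners.get(x.path, x.host) != x.host:
            # Unauthenticated download of a config that belongs to another client.
            findings.append(("foreign-read", x.host, x.path))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_XFERLOG):
        print(*finding)
```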
Elad Luz, the firm’s head of research, said that one of the “main issues is that security is often overlooked during the design phase of these devices.”