CVE-2021-21552 MEDIUM

CVE-2021-21552

Vendor Dell
Product Wyse Windows Embedded (WES)
Weakness CWE-863 · Incorrect authorization
Published May 21, 2021
Last update September 16, 2024

CVSS base score

5.2/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the affected system.

Key dates

02Disclosure timeline

May 21, 2021 CVE published
September 16, 2024 Record updated