CVE-2021-36341 MEDIUM

CVE-2021-36341

Vendor Dell

Product Dell Wyse Device Agent

Weakness CWE-200 · Info exposure

Published December 21, 2021

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

5.5/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive data exposure vulnerability. A local authenticated user with low privileges could potentially exploit this vulnerability in order to access sensitive information.

Key dates

02Disclosure timeline

December 21, 2021 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-36341 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2012-6441 Rockwell Automation ControlLogix PLC Information Exposure CVE-2019-1731 Cisco NX-OS Software SSH Key Information Disclosure Vulnerability CVE-2026-33677 Webhook BasicAuth Credentials Exposed to Read-Only Project Collaborators via API CVE-2023-5339 Mattermost Desktop logs all keystrokes during initial run after fresh installation CVE-2023-7046 WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score <= 7.0 - Sensitive Information Exposure via insufficiently protected files

Identifiers

CVE CVE-2021-36341

CWE CWE-200

CVSS 5.5 / MEDIUM

Affected versions

Vendor Dell

Product Dell Wyse Device Agent

Affected ≥ unspecified and ≤ 14.5.4.1