Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution.
The vulnerability is classified as CWE-349 (Acceptance of Extraneous Untrusted Data With Trusted Data) and occurs when the application improperly processes data transmitted along with trusted data, failing to reject additional untrusted elements. An attacker can inject malicious data that will be treated as trusted and executed by the system. Exploitation requires only low privileges and remote network access, with no need for user interaction.
Successful exploitation of this vulnerability leads to remote code execution (RCE) on the Dell Wyse Management Suite server, which may result in complete system compromise, breach of confidentiality, integrity, and availability of managed resources.
Dell Wyse Management Suite must be immediately updated to version WMS 5.5 HF1 or later. Details are available in the Dell security bulletin DSA-2026-225 at: https://www.dell.com/support/kbdoc/en-in/000465356/dsa-2026-225
Dell Wyse Management Suite in versions prior to WMS 5.5 HF1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDell Wyse Management Suite
APPDell5.5< 5.5
Related vulnerabilities
Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an una...
Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a R...
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Link Resolution Before File ...
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special El...
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special El...