DSA-2024-170: Security Update for an Information Disclosure Vulnerability for Telemetry Dashboard for Dell ThinOS
Summary: Dell ThinOS remediation is available for an Information Disclosure vulnerability in Telemetry Dashboard that could be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
Impact
Medium
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-28963 | Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability to read sensitive proxy settings information. | 6.2 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-28963 | Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability to read sensitive proxy settings information. | 6.2 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Affected Products & Remediation
| Product | Software/ Firmware |
Affected Versions | Remediated Versions | Release Date (MM/DD/YYYY) |
Link |
|---|---|---|---|---|---|
| Dell ThinOS 2402 | Telemetry Dashboard | Version 1.0.0.7 | Version 1.0.0.8 or later | 03/15/2024 | https://www.dell.com/support/home/drivers/driversdetails?driverid=y83m8 |
| Product | Software/ Firmware |
Affected Versions | Remediated Versions | Release Date (MM/DD/YYYY) |
Link |
|---|---|---|---|---|---|
| Dell ThinOS 2402 | Telemetry Dashboard | Version 1.0.0.7 | Version 1.0.0.8 or later | 03/15/2024 | https://www.dell.com/support/home/drivers/driversdetails?driverid=y83m8 |
Workarounds & Mitigations
None
Revision History
| Revision | Date | Description |
| 1.0 | 2024-04-23 | Initial Release |