Article Number: 000225289

DSA-2024-229: Security Update for Dell ThinOS Vulnerabilities

Summary: Dell ThinOS remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Critical

Details

Third-party Component	CVEs	More Information
Liquidware	CVE-2016-0718, CVE-2012-6702, CVE-2016-5300, CVE-2016-4472, CVE-2017-9233, CVE-2018-20843, CVE-2019-15903, CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852, CVE-2022-23990, CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315, CVE-2022-40674, CVE-2022-43680, CVE-2020-1968, CVE-2020-1971, CVE-2021-23839, CVE-2021-23840, CVE-2021-23841, CVE-2021-3712, CVE-2021-4160, CVE-2022-0778, CVE-2022-1292, CVE-2022-2068, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3817, CVE-2023-5678, CVE-2024-0727	See NVD Link below for individual scores for each CVE. http://nvd.nist.gov/
Cisco Jabber	CVE-2023-46218	See NVD Link below for individual scores for each CVE. http://nvd.nist.gov/
Cisco Webex Meetings VDI	CVE-2022-45142, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3817, CVE-2023-4807, CVE-2023-5678, CVE-2024-0727, CVE-2022-41409, CVE-2021-38593, CVE-2021-45930, CVE-2022-25255, CVE-2022-25634, CVE-2023-24607, CVE-2023-32573, CVE-2023-33285, CVE-2023-32762, CVE-2023-32763, CVE-2023-34410, CVE-2023-38197, CVE-2023-37369, CVE-2023-43114, CVE-2023-51714, CVE-2017-10989, CVE-2018-8740, CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, CVE-2019-8457, CVE-2019-16168, CVE-2019-19645, CVE-2019-19646, CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358, CVE-2022-35737, CVE-2023-7104, CVE-2022-37434, CVE-2023-45853	See NVD Link below for individual scores for each CVE. http://nvd.nist.gov/
Cisco Webex App VDI	CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27781, CVE-2022-27782, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-35252, CVE-2022-42916, CVE-2022-42915, CVE-2022-32221, CVE-2022-43551, CVE-2022-43552, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38545, CVE-2023-38546, CVE-2023-46218	See NVD Link below for individual scores for each CVE. http://nvd.nist.gov/
VMWare Horizon Client	CVE-2023-46218, CVE-2023-46219, CVE-2023-46218, CVE-2023-46219, CVE-2023-3316, CVE-2023-40745, CVE-2023-41175, CVE-2023-52355, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-2650, CVE-2023-2975, CVE-2023-3817, CVE-2023-4807, CVE-2023-5363, CVE-2023-5678, CVE-2023-6129, CVE-2024-0727	See NVD Link below for individual scores for each CVE. http://nvd.nist.gov/
Zoom Universal	CVE-2023-2975, CVE-2023-3817, CVE-2023-4807, CVE-2023-5363	See NVD Link below for individual scores for each CVE. http://nvd.nist.gov/
Citrix Workspace App	CVE-2023-5217	See NVD Link below for individual scores for each CVE. http://nvd.nist.gov/
Amazon WorkSpaces	CVE-2023-52425, CVE-2023-52426, CVE-2023-52355, CVE-2021-30123, CVE-2021-33815, CVE-2021-38114, CVE-2021-38171, CVE-2022-1475, CVE-2022-3964, CVE-2022-3109, CVE-2022-3341, CVE-2022-48434, CVE-2023-46407, CVE-2023-47470, CVE-2024-22860, CVE-2024-22862, CVE-2024-22861, CVE-2023-45853	See NVD Link below for individual scores for each CVE. http://nvd.nist.gov/

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2024-30472	Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability leading to information disclosure.	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2024-30472	Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability leading to information disclosure.	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed	Product	Software/Firmware	Affected Versions	Remediated Versions	Release Date	Link
CVE-2024-30472	ThinOS	Telemetry Dashboard	Telemetry Dashboard v1.0.0.8 on Thin OS 2402	Telemetry Dashboard v1.1.0.6 on Thin OS 2405	05/30/2024	ThinOS 2405 (9.5.2109) Telemetry Dashboard v1.1.0.6 \| Driver Details
CVE-2016-0718, CVE-2012-6702, CVE-2016-5300, CVE-2016-4472, CVE-2017-9233, CVE-2018-20843, CVE-2019-15903, CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852, CVE-2022-23990, CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315, CVE-2022-40674, CVE-2022-43680, CVE-2020-1968, CVE-2020-1971, CVE-2021-23839, CVE-2021-23840, CVE-2021-23841, CVE-2021-3712, CVE-2021-4160, CVE-2022-0778, CVE-2022-1292, CVE-2022-2068, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3817, CVE-2023-5678, CVE-2024-0727	ThinOS	Liquidware	Liquidware_Stratusphere_UX_Connector_ID_Agent_6.6.2.5.10 on Thin OS 2402	Liquidware_Stratusphere_UX_Connector_ID_Agent_6.7.0.2.2 on Thin OS 2405	05/30/2024	ThinOS 2405 (9.5.2109) Liquidware Stratusphere UX Connector ID Agent v6.7.0.2.2 \| Driver Details
CVE-2023-46218	THinOS	Cisco Jabber	Cisco_Jabber_14.3.0.308378.8 on Thin OS 2402	Cisco_Jabber_14.3.0.308378.11 on Thin OS 2405	05/30/2024	ThinOS 2405 (9.5.2109) Cisco Jabber package v14.3.0.308378.11 \| Driver Details
CVE-2022-45142, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3817, CVE-2023-4807, CVE-2023-5678, CVE-2024-0727, CVE-2022-41409, CVE-2021-38593, CVE-2021-45930, CVE-2022-25255, CVE-2022-25634, CVE-2023-24607, CVE-2023-32573, CVE-2023-33285, CVE-2023-32762, CVE-2023-32763, CVE-2023-34410, CVE-2023-38197, CVE-2023-37369, CVE-2023-43114, CVE-2023-51714, CVE-2017-10989, CVE-2018-8740, CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, CVE-2019-8457, CVE-2019-16168, CVE-2019-19645, CVE-2019-19646, CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358, CVE-2022-35737, CVE-2023-7104, CVE-2022-37434, CVE-2023-45853	ThinOS	Cisco Webex Meetings VDI	Cisco_Webex_Meetings_VDI_43.10.2.11.3 on Thin OS 2402	Cisco_Webex_Meetings_VDI_44.2.0.76.2 on Thin OS 2405	05/30/2024	ThinOS 2405 (9.5.2109) Cisco Webex Meetings VDI package v44.2.0.76.2 \| Driver Details
CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27781, CVE-2022-27782, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-35252, CVE-2022-42916, CVE-2022-42915, CVE-2022-32221, CVE-2022-43551, CVE-2022-43552, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38545, CVE-2023-38546, CVE-2023-46218	ThinOS	Cisco Webex App VDI	Cisco_Webex_App_VDI_43.10.0.27605.4 on Thin OS 2402	Cisco_Webex_App_VDI_44.2.0.28744.1 on Thin OS 2405	05/30/2024	ThinOS 2405 (9.5.2109) Cisco Webex VDI package v44.2.0.28744.1 \| Driver Details
CVE-2023-46218, CVE-2023-46219, CVE-2023-46218, CVE-2023-46219, CVE-2023-3316, CVE-2023-40745, CVE-2023-41175, CVE-2023-52355, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-2650, CVE-2023-2975, CVE-2023-3817, CVE-2023-4807, CVE-2023-5363, CVE-2023-5678, CVE-2023-6129, CVE-2024-0727	ThinOS	VMWare Horizon Client	VMware_Horizon_2309.8.11.0.22660930.37 on Thin OS 2402	VMware_Horizon_2312.1.8.12.1.5 on Thin OS 2405	05/30/2024	ThinOS 2405 (9.5.2109) VMware Horizon package v2312.1.8.12.1.5 \| Driver Details
CVE-2023-2975, CVE-2023-3817, CVE-2023-4807, CVE-2023-5363	ThinOS	Zoom Universal	Zoom_Universal_5.16.10.24420.6 on Thin OS 2402	Zoom_Universal_5.17.10.24730.2 on Thin OS 2405	05/30/2024	ThinOS 2405 (9.5.2109) Zoom Universal package v5.17.10.24730.2 \| Driver Details
CVE-2023-5217	ThinOS	Citrix Workspace App	Citrix_Workspace_App_23.11.0.82.6 on Thin OS 2402	Citrix_Workspace_App_24.2.0.65.17 on Thin OS 2405	05/30/2024	ThinOS 2405 (9.5.2109) Citrix package v24.2.0.65.17 \| Driver Details
CVE-2023-52425, CVE-2023-52426, CVE-2023-52355, CVE-2021-30123, CVE-2021-33815, CVE-2021-38114, CVE-2021-38171, CVE-2022-1475, CVE-2022-3964, CVE-2022-3109, CVE-2022-3341, CVE-2022-48434, CVE-2023-46407, CVE-2023-47470, CVE-2024-22860, CVE-2024-22862, CVE-2024-22861, CVE-2023-45853	ThinOS	Amazon Workspace	Amazon_WorkSpaces_Client_24.0.4697.3 on Thin OS 2402	Amazon_WorkSpaces_Client_ 24.0.4707.6 on Thin OS 2405	05/30/2024	ThinOS 2405 (9.5.2109) Amazon WorkSpaces Client package v24.0.4707.6 \| Driver Details

CVEs Addressed	Product	Software/Firmware	Affected Versions	Remediated Versions	Release Date	Link
CVE-2024-30472	ThinOS	Telemetry Dashboard	Telemetry Dashboard v1.0.0.8 on Thin OS 2402	Telemetry Dashboard v1.1.0.6 on Thin OS 2405	05/30/2024	ThinOS 2405 (9.5.2109) Telemetry Dashboard v1.1.0.6 \| Driver Details
CVE-2016-0718, CVE-2012-6702, CVE-2016-5300, CVE-2016-4472, CVE-2017-9233, CVE-2018-20843, CVE-2019-15903, CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852, CVE-2022-23990, CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315, CVE-2022-40674, CVE-2022-43680, CVE-2020-1968, CVE-2020-1971, CVE-2021-23839, CVE-2021-23840, CVE-2021-23841, CVE-2021-3712, CVE-2021-4160, CVE-2022-0778, CVE-2022-1292, CVE-2022-2068, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3817, CVE-2023-5678, CVE-2024-0727	ThinOS	Liquidware	Liquidware_Stratusphere_UX_Connector_ID_Agent_6.6.2.5.10 on Thin OS 2402	Liquidware_Stratusphere_UX_Connector_ID_Agent_6.7.0.2.2 on Thin OS 2405	05/30/2024	ThinOS 2405 (9.5.2109) Liquidware Stratusphere UX Connector ID Agent v6.7.0.2.2 \| Driver Details
CVE-2023-46218	THinOS	Cisco Jabber	Cisco_Jabber_14.3.0.308378.8 on Thin OS 2402	Cisco_Jabber_14.3.0.308378.11 on Thin OS 2405	05/30/2024	ThinOS 2405 (9.5.2109) Cisco Jabber package v14.3.0.308378.11 \| Driver Details
CVE-2022-45142, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3817, CVE-2023-4807, CVE-2023-5678, CVE-2024-0727, CVE-2022-41409, CVE-2021-38593, CVE-2021-45930, CVE-2022-25255, CVE-2022-25634, CVE-2023-24607, CVE-2023-32573, CVE-2023-33285, CVE-2023-32762, CVE-2023-32763, CVE-2023-34410, CVE-2023-38197, CVE-2023-37369, CVE-2023-43114, CVE-2023-51714, CVE-2017-10989, CVE-2018-8740, CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, CVE-2019-8457, CVE-2019-16168, CVE-2019-19645, CVE-2019-19646, CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358, CVE-2022-35737, CVE-2023-7104, CVE-2022-37434, CVE-2023-45853	ThinOS	Cisco Webex Meetings VDI	Cisco_Webex_Meetings_VDI_43.10.2.11.3 on Thin OS 2402	Cisco_Webex_Meetings_VDI_44.2.0.76.2 on Thin OS 2405	05/30/2024	ThinOS 2405 (9.5.2109) Cisco Webex Meetings VDI package v44.2.0.76.2 \| Driver Details
CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27781, CVE-2022-27782, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-35252, CVE-2022-42916, CVE-2022-42915, CVE-2022-32221, CVE-2022-43551, CVE-2022-43552, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38545, CVE-2023-38546, CVE-2023-46218	ThinOS	Cisco Webex App VDI	Cisco_Webex_App_VDI_43.10.0.27605.4 on Thin OS 2402	Cisco_Webex_App_VDI_44.2.0.28744.1 on Thin OS 2405	05/30/2024	ThinOS 2405 (9.5.2109) Cisco Webex VDI package v44.2.0.28744.1 \| Driver Details
CVE-2023-46218, CVE-2023-46219, CVE-2023-46218, CVE-2023-46219, CVE-2023-3316, CVE-2023-40745, CVE-2023-41175, CVE-2023-52355, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-2650, CVE-2023-2975, CVE-2023-3817, CVE-2023-4807, CVE-2023-5363, CVE-2023-5678, CVE-2023-6129, CVE-2024-0727	ThinOS	VMWare Horizon Client	VMware_Horizon_2309.8.11.0.22660930.37 on Thin OS 2402	VMware_Horizon_2312.1.8.12.1.5 on Thin OS 2405	05/30/2024	ThinOS 2405 (9.5.2109) VMware Horizon package v2312.1.8.12.1.5 \| Driver Details
CVE-2023-2975, CVE-2023-3817, CVE-2023-4807, CVE-2023-5363	ThinOS	Zoom Universal	Zoom_Universal_5.16.10.24420.6 on Thin OS 2402	Zoom_Universal_5.17.10.24730.2 on Thin OS 2405	05/30/2024	ThinOS 2405 (9.5.2109) Zoom Universal package v5.17.10.24730.2 \| Driver Details
CVE-2023-5217	ThinOS	Citrix Workspace App	Citrix_Workspace_App_23.11.0.82.6 on Thin OS 2402	Citrix_Workspace_App_24.2.0.65.17 on Thin OS 2405	05/30/2024	ThinOS 2405 (9.5.2109) Citrix package v24.2.0.65.17 \| Driver Details
CVE-2023-52425, CVE-2023-52426, CVE-2023-52355, CVE-2021-30123, CVE-2021-33815, CVE-2021-38114, CVE-2021-38171, CVE-2022-1475, CVE-2022-3964, CVE-2022-3109, CVE-2022-3341, CVE-2022-48434, CVE-2023-46407, CVE-2023-47470, CVE-2024-22860, CVE-2024-22862, CVE-2024-22861, CVE-2023-45853	ThinOS	Amazon Workspace	Amazon_WorkSpaces_Client_24.0.4697.3 on Thin OS 2402	Amazon_WorkSpaces_Client_ 24.0.4707.6 on Thin OS 2405	05/30/2024	ThinOS 2405 (9.5.2109) Amazon WorkSpaces Client package v24.0.4707.6 \| Driver Details

Acknowledgements

CVE-2024-30472: Dell would like to thank matrixpdb for reporting this issue.

Revision History

Revision	Date	Description
1.0	2024-06-12	Initial Release

DSA-2024-229: Security Update for Dell ThinOS Vulnerabilities

Summary: Dell ThinOS remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Details

Affected Products and Remediation

Acknowledgements

Revision History

Related Information

Legal Information

Article Properties

Affected Product

Last Published Date

Article Type

Welcome

Welcome to Dell

DSA-2024-229: Security Update for Dell ThinOS Vulnerabilities

Summary: Dell ThinOS remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Details

Affected Products and Remediation

Acknowledgements

Revision History

Related Information

Legal Information

Article Properties

Affected Product

Last Published Date

Article Type