Critical Bugs In Dell Wyse ThinOS Allow Thin Client Take Over

Almost a dozen Dell Wyse thin client models are vulnerable to critical issues that could be exploited by a remote attacker to run malicious code and gain access to arbitrary files.

Thin clients are small form-factor computers used for remote desktop connections to a more powerful system. They are popular with organizations that don’t need computers with high processing, storage, and memory on the network.

It is estimated that more than 6,000 organizations, most of them from the healthcare sector, have deployed Dell Wyse thin clients on their networks.

Configuration file at risk

The vulnerabilities (tracked as CVE-2020-29492 and CVE-2020-29491) are in components of ThinOS, the operating system on Dell Wyse thin clients.

ThinOS can be maintained remotely. Dell’s recommendation for this procedure is to set up an FTP server for devices to download updates (firmware, packages, configurations).

Security researchers at CyberMDX, a company focusing on cybersecurity in the healthcare sector, found that FTP access is possible with no credentials, using “anonymous” user.

They also discovered that only the firmware and packages are signed, leaving INI configuration files as a possible way for a malicious actor to do some damage.

Elad Luz, head of research at CyberMDX, says that there is also a specific INI file on the FTP server that should be writeable for the connecting clients.


“Since there are no credentials, essentially anyone on the network can access the FTP server and modify that INI file holding configuration for the thin client devices.”

– Elad Luz

Protecting the FTP connection with credentials would not be enough under the current design, says Luz, because the username and password would be shared across the entire fleet of thin clients.

The researcher explains that when a Dell Wyse device connects to the FTP server, it looks for the INI file that holds its configuration, named after the username used in the terminal.

With this file being writeable, an attacker can plant a malicious version to control the configuration received by a specific user on the network.

One scenario in which an attacker could leverage these vulnerabilities is to read or modify parameters in the configuration file that would give them remote control over the thin client device. Leaking credentials or manipulating DNS results are also on the list of risks that could stem from exploiting the two bugs.
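The pattern described above (an unauthenticated client overwriting a per-user INI file on the update server) leaves a clear trace in the FTP server's transfer log. The following added example, which is not part of the original article or of Dell's or CyberMDX's tooling, scans vsftpd-style log lines for uploads of `.ini` files and flags anonymous writes; the log lines, IP addresses and paths are constructed sample values.

```python
import re
from dataclasses import dataclass

# Constructed vsftpd-style transfer log (not from the article); hosts, IPs
# and paths are invented for this example.
SAMPLE_LOG = """\
Mon Dec 21 09:01:12 2020 [pid 2301] [anonymous] OK DOWNLOAD: Client "10.20.0.41", "/wnos/wnos.ini", 4096 bytes, 210.11Kbyte/sec
Mon Dec 21 09:01:15 2020 [pid 2301] [anonymous] OK DOWNLOAD: Client "10.20.0.41", "/wnos/ini/ward7.ini", 1024 bytes, 98.00Kbyte/sec
Mon Dec 21 09:02:03 2020 [pid 2305] [anonymous] OK UPLOAD: Client "10.20.0.99", "/wnos/ini/ward7.ini", 1321 bytes, 57.44Kbyte/sec
Mon Dec 21 09:02:40 2020 [pid 2309] [anonymous] OK DOWNLOAD: Client "10.20.0.41", "/firmware/boot.img", 6291456 bytes, 900.00Kbyte/sec
Mon Dec 21 09:05:10 2020 [pid 2311] [wmsadmin] OK UPLOAD: Client "10.20.0.5", "/wnos/ini/kiosk2.ini", 1200 bytes, 60.00Kbyte/sec
"""

# One vsftpd transfer record: timestamp, pid, user, outcome/operation, client, path, size.
LOG_RE = re.compile(
    r'^(?P<ts>.+?) \[pid \d+\] \[(?P<user>[^\]]+)\] OK (?P<op>UPLOAD|DOWNLOAD): '
    r'Client "(?P<client>[^"]+)", "(?P<path>[^"]+)", (?P<size>\d+) bytes'
)


@dataclass
class Finding:
    ts: str
    user: str
    client: str
    path: str
    reason: str


def audit_ftp_log(text: str) -> list[Finding]:
    """Flag every write to an INI configuration file on the update share.

    Firmware and packages are signed, INI files are not, so any upload of a .ini
    is worth reviewing; an upload by the anonymous account is the exact condition
    CyberMDX described and gets a stronger reason string."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["op"] != "UPLOAD" or not m["path"].lower().endswith(".ini"):
            continue
        reason = ("anonymous client overwrote INI config" if m["user"] == "anonymous"
                  else "authenticated INI upload (confirm the change was authorised)")
        findings.append(Finding(m["ts"], m["user"], m["client"], m["path"], reason))
    return findings


if __name__ == "__main__":
    for f in audit_ftp_log(SAMPLE_LOG):
        print(f"{f.ts}  {f.client}  {f.user} -> {f.path}: {f.reason}")
```

On a server configured read-only as Dell advises, the function should return nothing at all; any hit indicates the share is still writeable.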

Not all models 

According to CyberMDX, these vulnerabilities affect the following Dell Wyse models running ThinOS 8.6 and below:

Dell has released ThinOS 9.x to address these issues. However, some of the affected models can no longer be upgraded:

  • Wyse 3020
  • Wyse 3030 LT
  • Wyse 5010
  • Wyse 5040 AIO
  • Wyse 5060
  • Wyse 7010

CyberMDX recommends that organizations with the models above deployed on their networks disable the use of FTP for the update procedure and rely on an alternative method for the task.


In its security advisory, Dell recommends securing the environment by using a secure protocol (HTTPS) and ensuring that the file servers have read-only access.

Additionally, impacted customers can use Wyse Management Suite for imaging and device configuration, which enforces the use of HTTPS and stores the configuration files in a secure server database.
