A critical SQL injection vulnerability in Dell Wyse Management Suite (WMS) allows for potential remote code execution or unauthorized data access.

This is an Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability. This flaw allows attackers to inject malicious SQL queries into the database, which could lead to full database compromise.

With a CVSS score of 8.8, this vulnerability is classified as High/Critical. An attacker successfully exploiting this flaw could gain full control over the WMS database, leading to the compromise of managed thin clients, exposure of sensitive configuration data, and potential lateral movement within the network.

Immediate Action: Upgrade to Dell Wyse Management Suite version 2605 or later immediately.

Proactive Monitoring: Enable database query logging and monitor for anomalous or highly complex SQL queries that deviate from standard application behavior.

Compensating Controls: Utilize a Web Application Firewall (WAF) with SQL injection protection rules to block malicious payloads targeting the WMS web interface.

Public Exploit Available: false

The 8.8 CVSS score necessitates immediate attention. Organizations running Dell Wyse Management Suite should verify their current version and upgrade to 2605 or higher without delay. This vulnerability represents a significant entry point for attackers to gain persistence within the environment.