Positive Technologies helps secure Dell thin client management solution

PT SWARM expert Alexander Zhurnakov discovered a vulnerability chain in Wyse Management Suite, a thin client management platform developed by Dell, one of the world's largest computer hardware manufacturers. While thin clients function like standard computers, they rely on remote servers to operate. If exploited, this vulnerability chain could allow attackers to disrupt business operations, steal data, and move laterally across a corporate network. Dell was notified of the threat in line with the responsible disclosure policy and has already released a software update.

According to Mordor Intelligence, the global thin client market is projected to reach $5.4 billion by the end of 2026, with Dell ranking among the top five vendors. Dell's products are widely used in government, retail, finance, and other sectors. Wyse Management Suite provides centralized management for these devices and can be deployed either on-premises or in the public cloud. Threat intelligence from Positive Technologies revealed that the majority of potentially vulnerable hosts running Wyse Management Suite are located in the U.S., Germany, France, the UK, and the Netherlands.

Tracked as PT‑2026‑21793 and PT‑2026‑21794¹ (CVE‑2026‑22765 and CVE‑2026‑22766, BDU: 2025‑16322 and BDU: 2025‑16323), the vulnerabilities received CVSS 3.1 scores of 8.8 and 7.2, respectively, indicating high severity. Both flaws affected on-premises deployments of Wyse Management Suite. Successful exploitation could allow an attacker to disrupt thin client operations and, furthermore, to upload malware.

The first vulnerability, PT‑2026‑21793, stems from a business logic flaw. Improper authorization allowed a standard user to escalate their privileges to administrator, granting them full access to all devices connected to Wyse Management Suite. The second vulnerability, PT‑2026‑21794, enabled an attacker to upload malicious files and execute arbitrary code as a local user.

¹ The vulnerabilities have been registered on the dbugs portal, which aggregates data on vulnerabilities in software and hardware from vendors around the world.

"Business logic vulnerabilities are common in feature-rich software like Wyse Management Suite. Ensuring the complete security of such a massive codebase is nearly impossible without specialized tools. To mitigate these risks, organizations should restrict external network access to these types of systems."

Alexander Zhurnakov, Software Researcher at Positive Technologies Penetration Testing Department

To remediate these vulnerabilities, organizations should update Wyse Management Suite to version 5.5 or later.

Positive Technologies has previously disclosed other product vulnerabilities to Dell. In 2020, Mark Ermolov and Georgy Kiguradze² discovered a critical web vulnerability (PT‑2020‑18431, CVE‑2020‑5366) in the Dell EMC iDRAC remote access server controller.³ Successful exploitation could give an attacker full control over the server, allowing them to power it on or off, alter cooling settings, and more. Dell released a software update.

Security flaws, such as PT‑2026‑21793 and PT‑2026‑21794, can be detected at the product development stage using a static code analyzer like PT Application Inspector. Advanced NTA (NDR) systems, such as PT Network Attack Discovery (PT NAD), detect attempts to exploit vulnerabilities. Web application firewalls like PT Application Firewall (also available in the cloud version: PT Cloud Application Firewall) are also effective at blocking exploitation attempts.

For up-to-date security information, visit the dbugs portal, which aggregates vulnerability data and vendor recommendations for software and hardware from vendors around the world.

² Affiliation at the time the vulnerability was discovered in 2020.

³ Dell iDRAC is a hardware component (baseboard management controller) located on the server motherboard. iDRAC enables system administrators to remotely update, monitor, troubleshoot, and restore a Dell server even when the server is turned off.