Wyse Device Manager (WDM) Server and HAgent contain several vulnerabilities. An attacker with network access to WDM components could execute arbitrary code on vulnerable systems.
Wyse Device Manager (WDM, formerly known as Wyse Rapport) manages thin clients. Part of the server component (HServer) is implemented as an ISAPI filter on the Microsoft Windows Internet Information Server (IIS) platform. The client component (HAgent) runs as a service on Microsoft Windows systems.
WDM components contain several vulnerabilities:
An attacker with network access to WDM components could execute arbitrary code on a vulnerable system. The attacker could also execute unauthenticated management commands on a system running HAgent.
Please see Wyse Security Bulletin WSB09-01.
These vulnerabilities were analyzed and reported by Kevin Finisterre of Netragard/SNOsoft.
This document was written by Art Manion.