Gbhackers
Critical Exploit in Dell Wyse Management Suite Allows Full System Compromise
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Security researcher Aleksandr Zhurnakov from PT Security has identified a critical exploit chain in Dell Wyse Management Suite, affecting both Standard and Pro editions of the On-Premises software. The attack allows unauthenticated users to register devices using an empty group token, leading to complete system compromise. Attackers can exploit hidden logic flaws in Active Directory user import functions, even when these features are disabled. By manipulating the password reset feature, they can gain access to a newly created administrator account and upload a malicious script. This results in full remote code execution on the server. Dell has released a patch in version 5.5 to address these vulnerabilities, tracked under advisory DSA-2026-103. Immediate updates are recommended for all affected systems.
Key Points: • Critical vulnerabilities in Dell Wyse Management Suite allow full system compromise. • Attackers can exploit unauthenticated device registration and logic flaws in user import functions. • A patch has been released in version 5.5 to mitigate these vulnerabilities.