DSA-2019-001: Dell Networking OS10 Improper Certificate Validation Vulnerability
CVE-2018-15784

7.4HIGH

Key Information:

Vendor: Dell
Status: Dell Networking Os10
Vendor: CVE Published:; 18 January 2019

Summary

Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.

Affected Version(s)

Dell Networking OS10 < 10.4.3.0

References

https://www.dell.com/support/article/us/en/04/sln315899/d...

x_refsource_MISC

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 18, 2019
Vulnerability Reserved
Aug 23, 2018