DSA-2019-034: Dell EMC Networking OS10 Undocumented Default Cryptographic Key Vulnerability
CVE-2019-3710

8.3HIGH

Key Information:

Vendor: Dell
Status: Dell Emc Networking Os10
Vendor: CVE Published:; 28 March 2019

Summary

Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially be able to intercept communications or operate the system with elevated privileges.

Affected Version(s)

Dell EMC Networking OS10 < 10.4.3.0

References

https://www.dell.com/support/article/SLN316558/

x_refsource_MISC

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 28, 2019
Vulnerability Reserved
Jan 3, 2019