Improper Certificate Chain of Trust in Data Protection Central by Dell
CVE-2019-3762
7.5HIGH
Summary
Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 present an vulnerability where improper validation of certificate chains allows remote unauthenticated attackers to potentially exploit the system. By obtaining a CA signed certificate from Data Protection Central, an attacker can impersonate a legitimate system, leading to potential data integrity breaches. This vulnerability highlights the critical importance of robust certificate validation processes in maintaining data security.
Affected Version(s)
Data Protection Central 1.0, 1.0.1, 18.1, 18.2, 19.1
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved