CVE-2018-15784 HIGH

CVE-2018-15784: DSA-2019-001: Dell Networking OS10 Improper Certificate Validation Vulnerability

Vendor Dell
Product Dell Networking OS10
Published January 18, 2019
Last update September 16, 2024

CVSS base score

7.4/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.

Key dates

02Disclosure timeline

January 18, 2019 CVE published
September 16, 2024 Record updated