CVE-2019-3710 HIGH

CVE-2019-3710: DSA-2019-034: Dell EMC Networking OS10 Undocumented Default Cryptographic Key Vulnerability

Vendor Dell Emc
Product Dell EMC Networking OS10
Published March 28, 2019
Last update August 4, 2024

CVSS base score

8.3/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially be able to intercept communications or operate the system with elevated privileges.

Key dates

02Disclosure timeline

March 28, 2019 CVE published
August 4, 2024 Record updated