Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.
References
Configurations
History
21 Nov 2024, 03:51
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.dell.com/support/article/us/en/04/sln315899/dsa-2019-001-dell-networking-os10-improper-certificate-validation-vulnerability?lang=en - Vendor Advisory |
Information
Published : 2019-01-18 22:29
Updated : 2024-11-21 03:51
NVD link : CVE-2018-15784
Mitre link : CVE-2018-15784
CVE.ORG link : CVE-2018-15784
JSON object : View
Products Affected
dell
- networking_os10
CWE
CWE-295
Improper Certificate Validation