CVE-2018-15784

Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.
Configurations

Configuration 1 (hide)

cpe:2.3:o:dell:networking_os10:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:51

Type Values Removed Values Added
References () https://www.dell.com/support/article/us/en/04/sln315899/dsa-2019-001-dell-networking-os10-improper-certificate-validation-vulnerability?lang=en - Vendor Advisory () https://www.dell.com/support/article/us/en/04/sln315899/dsa-2019-001-dell-networking-os10-improper-certificate-validation-vulnerability?lang=en - Vendor Advisory

Information

Published : 2019-01-18 22:29

Updated : 2024-11-21 03:51


NVD link : CVE-2018-15784

Mitre link : CVE-2018-15784

CVE.ORG link : CVE-2018-15784


JSON object : View

Products Affected

dell

  • networking_os10
CWE
CWE-295

Improper Certificate Validation