CVE-2022-34394

Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to limited switch configuration data. The vulnerability could be leveraged by attackers to conduct man-in-the-middle attacks to gain access to the Support Assist information.

CVSS v3 3.7 LOW

3.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000202974/dsa-2022-293-dell-networking-os10-security-update-for-a-support-assist-vulnerability	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:dell:smartfabric_os10:10.5.3.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-09-28 21:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-34394

Mitre link : CVE-2022-34394

CVE.ORG link : CVE-2022-34394

JSON object : View

Products Affected

dell

smartfabric_os10

CWE

CWE-295

Improper Certificate Validation

{"id": "CVE-2022-34394", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}]}, "published": "2022-09-28T21:15:12.897", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000202974/dsa-2022-293-dell-networking-os10-security-update-for-a-support-assist-vulnerability", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}, {"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to limited switch configuration data. The vulnerability could be leveraged by attackers to conduct man-in-the-middle attacks to gain access to the Support Assist information."}, {"lang": "es", "value": "Dell OS10, versi\u00f3n 10.5.3.4, contiene una vulnerabilidad de comprobaci\u00f3n inapropiada de certificados en Support Assist. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad, lo que conllevar\u00eda un acceso no autorizado a datos limitados de configuraci\u00f3n del conmutador. La vulnerabilidad podr\u00eda ser aprovechada por los atacantes para conducir ataques de tipo man-in-the-middle para conseguir acceso a la informaci\u00f3n de Support Assist"}], "lastModified": "2022-09-30T17:20:10.670", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:smartfabric_os10:10.5.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "719AFF0B-C445-4159-872F-DBBB554D1529"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}