CVE-2019-3710

DSA-2019-034: Dell EMC Networking OS10 Undocumented Default Cryptographic Key Vulnerability

CVSS 8.3 HIGHEPSS 0.8%

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.3EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

28 Mar 2019Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially be able to intercept communications or operate the system with elevated privileges.

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected products

Dell EMC · Dell EMC Networking OS10

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.dell.com/support/article/SLN316558/