Unrated severityNVD Advisory· Published Jan 18, 2019· Updated Sep 16, 2024

DSA-2019-001: Dell Networking OS10 Improper Certificate Validation Vulnerability

CVE-2018-15784

Description

Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.

Affected products

Dell/Dell Networking OS10llm-fuzzy2 versions
<10.4.3.0+ 1 more
- (no CPE)range: <10.4.3.0
- (no CPE)range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.dell.com/support/article/us/en/04/sln315899/dsa-2019-001-dell-networking-os10-improper-certificate-validation-vulnerabilitymitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000