CVE-2019-3710

Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially be able to intercept communications or operate the system with elevated privileges.

CVSS v3 8.1 HIGH
CVSS v2.0 6.8 MEDIUM

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.dell.com/support/article/SLN316558/	Vendor Advisory
https://www.dell.com/support/article/SLN316558/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:dell:emc_networking_os10:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-03-28 18:29

Updated : 2024-11-21 04:42

NVD link : CVE-2019-3710

Mitre link : CVE-2019-3710

CVE.ORG link : CVE-2019-3710

JSON object : View

Products Affected

dell

emc_networking_os10

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2019-3710", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.6}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2019-03-28T18:29:00.593", "references": [{"url": "https://www.dell.com/support/article/SLN316558/", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.dell.com/support/article/SLN316558/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially be able to intercept communications or operate the system with elevated privileges."}, {"lang": "es", "value": "Las versiones de Dell EMC Networking OS10 anteriores a 10.4.3 contienen una vulnerabilidad de clave criptogr\u00e1fica debido a una aplicaci\u00f3n subyacente que utiliza pares de clave/certificado X.509v3 pre-instalados e indocumentados. Un atacante remoto no identificado con el conocimiento de las claves predeterminadas puede potencialmente interceptar comunicaciones u operar el sistema con privilegios elevados."}], "lastModified": "2024-11-21T04:42:22.843", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_networking_os10:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6475D619-586B-4188-8855-900E6D3F2DE8", "versionEndExcluding": "10.4.3"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}