Sign-up

ID

VAR-201901-0464


CVE

CVE-2018-15784


TITLE

Dell Networking OS10 Vulnerabilities related to certificate validation

Trust: 0.8

sources: JVNDB: JVNDB-2018-014416

DESCRIPTION

Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. Dell Networking OS10 Contains a certificate validation vulnerability.Information may be obtained and information may be altered. Dell Networking OS10 is a Linux-based network switch operating system developed by Dell

Trust: 1.71

sources: NVD: CVE-2018-15784 // JVNDB: JVNDB-2018-014416 // VULHUB: VHN-126078

AFFECTED PRODUCTS

vendor:dellmodel:networking os10scope:ltversion:10.4.3.0

Trust: 1.8

sources: JVNDB: JVNDB-2018-014416 // NVD: CVE-2018-15784

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15784
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2018-15784
value: HIGH

Trust: 1.0

NVD: CVE-2018-15784
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201901-757
value: HIGH

Trust: 0.6

VULHUB: VHN-126078
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-15784
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-126078
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15784
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 5.2
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-126078 // JVNDB: JVNDB-2018-014416 // CNNVD: CNNVD-201901-757 // NVD: CVE-2018-15784 // NVD: CVE-2018-15784

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.9

sources: VULHUB: VHN-126078 // JVNDB: JVNDB-2018-014416 // NVD: CVE-2018-15784

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-757

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201901-757

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014416

PATCH
title:DSA-2019-001url:https://www.dell.com/support/article/jp/ja/jpdhs1/sln315899/dsa-2019-001-dell-networking-os10-improper-certificate-validation-vulnerability?lang=en
Trust: 0.8
title:Dell Networking OS10 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88859
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014416 // 
            
            
            
            CNNVD: CNNVD-201901-757

EXTERNAL IDS
db:NVDid:CVE-2018-15784
Trust: 2.5
db:JVNDBid:JVNDB-2018-014416
Trust: 0.8
db:CNNVDid:CNNVD-201901-757
Trust: 0.7
db:VULHUBid:VHN-126078
Trust: 0.1
sources:
            
            
            VULHUB: VHN-126078 // 
            
            
            
            JVNDB: JVNDB-2018-014416 // 
            
            
            
            CNNVD: CNNVD-201901-757 // 
            
            
            
            NVD: CVE-2018-15784

REFERENCES
url:https://www.dell.com/support/article/us/en/04/sln315899/dsa-2019-001-dell-networking-os10-improper-certificate-validation-vulnerability?lang=en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15784
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-15784
Trust: 0.8
sources:
            
            
            VULHUB: VHN-126078 // 
            
            
            
            JVNDB: JVNDB-2018-014416 // 
            
            
            
            CNNVD: CNNVD-201901-757 // 
            
            
            
            NVD: CVE-2018-15784

SOURCES
db:VULHUBid:VHN-126078
db:JVNDBid:JVNDB-2018-014416
db:CNNVDid:CNNVD-201901-757
db:NVDid:CVE-2018-15784

LAST UPDATE DATE
2024-11-23T22:12:11.087000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-126078date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-014416date:2019-03-22T00:00:00
db:CNNVDid:CNNVD-201901-757date:2019-10-17T00:00:00
db:NVDid:CVE-2018-15784date:2024-11-21T03:51:27.647

SOURCES RELEASE DATE
db:VULHUBid:VHN-126078date:2019-01-18T00:00:00
db:JVNDBid:JVNDB-2018-014416date:2019-03-22T00:00:00
db:CNNVDid:CNNVD-201901-757date:2019-01-21T00:00:00
db:NVDid:CVE-2018-15784date:2019-01-18T22:29:00.630