CVE-2018-15784: DSA-2019-001: Dell Networking OS10 Improper Certificate Validation Vulnerability
First published: Fri Jan 18 2019(Updated: )
Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell SmartFabric OS10 | <10.4.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-15784?
CVE-2018-15784 has a high severity rating due to the potential for an attacker to spoof a trusted server using an invalid certificate.
How do I fix CVE-2018-15784?
To fix CVE-2018-15784, upgrade Dell Networking OS10 to version 10.4.3.0 or later.
What systems are affected by CVE-2018-15784?
CVE-2018-15784 affects Dell Networking OS10 versions prior to 10.4.3.0.
What type of vulnerability is CVE-2018-15784?
CVE-2018-15784 is a vulnerability related to improper certificate validation during the TLS handshake in the Phone Home feature.
Could CVE-2018-15784 lead to data breaches?
Yes, CVE-2018-15784 could allow an attacker to perform man-in-the-middle attacks, potentially leading to data breaches.
- agent/type
- agent/author
- agent/title
- agent/references
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/dell
- canonical/dell smartfabric os10