CVE-2019-3710 — HIGH (8.1) — White Hats Nepal

Q: How severe is CVE-2019-3710?

CVE-2019-3710 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-3710?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Emc Networking Os10.

Vulnerability Description

Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially be able to intercept communications or operate the system with elevated privileges.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dell	Emc Networking Os10	< 10.4.3

Related Weaknesses (CWE)

CWE-798

References

https://www.dell.com/support/article/SLN316558/Vendor Advisory
https://www.dell.com/support/article/SLN316558/Vendor Advisory

FAQ

What is CVE-2019-3710?

CVE-2019-3710 is a vulnerability with a CVSS score of 8.1 (HIGH). Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthe...

How severe is CVE-2019-3710?

CVE-2019-3710 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-3710?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Emc Networking Os10.