CVE-2018-15784

HIGH

Dell Networking OS10 < 10.4.3.0 - Improper Certificate Validation in Phone Home Feature

Title source: llm

Description

Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.dell.com/support/article/us/en/04/sln315899/dsa-2019-001-dell-networking-os10-improper-certificate-validation-vulnerability?lang=en

Scores

CVSS v3 7.4

EPSS 0.0009

EPSS Percentile 25.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-295

Status published

Products (1)

dell/networking_os10 < 10.4.3.0

Published Jan 18, 2019

Tracked Since Feb 18, 2026