Lucene search

[email protected]NVD:CVE-2022-34394

HistorySep 28, 2022 - 9:15 p.m.

CVE-2022-34394

2022-09-2821:15:12

CWE-295

[email protected]

web.nvd.nist.gov

dell os10

version 10.5.3.4

improper certificate validation

support assist

unauthorized access

man-in-the-middle

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

51.4%

JSON

Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to limited switch configuration data. The vulnerability could be leveraged by attackers to conduct man-in-the-middle attacks to gain access to the Support Assist information.

Affected configurations

Nvd

Node

dellsmartfabric_os10Match10.5.3.4

VendorProductVersionCPE
dellsmartfabric_os1010.5.3.4cpe:2.3:o:dell:smartfabric_os10:10.5.3.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	smartfabric_os10	10.5.3.4	cpe:2.3:o:dell:smartfabric_os10:10.5.3.4:::::::*

References

www.dell.com/support/kbdoc/en-us/000202974/dsa-2022-293-dell-networking-os10-security-update-for-a-support-assist-vulnerability

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

51.4%

JSON

Related for NVD:CVE-2022-34394

cve1 cnvd1 prion1 cvelist1