Sign-up

ID

VAR-201903-0133


CVE

CVE-2019-3710


TITLE

Dell EMC Networking OS10 Vulnerabilities related to key management errors

Trust: 0.8

sources: JVNDB: JVNDB-2019-002933

DESCRIPTION

Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially be able to intercept communications or operate the system with elevated privileges. Dell Networking OS10 is a Linux-based network switch operating system developed by Dell. An encryption issue vulnerability exists in Dell Networking OS10. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text

Trust: 1.71

sources: NVD: CVE-2019-3710 // JVNDB: JVNDB-2019-002933 // VULHUB: VHN-155145

AFFECTED PRODUCTS

vendor:dellmodel:emc networking os10scope:ltversion:10.4.3

Trust: 1.0

vendor:dellmodel:networking os10scope:ltversion:10.4.3

Trust: 0.8

sources: JVNDB: JVNDB-2019-002933 // NVD: CVE-2019-3710

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3710
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2019-3710
value: HIGH

Trust: 1.0

NVD: CVE-2019-3710
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201903-1154
value: HIGH

Trust: 0.6

VULHUB: VHN-155145
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3710
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-155145
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3710
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2019-3710
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-3710
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-155145 // JVNDB: JVNDB-2019-002933 // CNNVD: CNNVD-201903-1154 // NVD: CVE-2019-3710 // NVD: CVE-2019-3710

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.0

problemtype:CWE-320

Trust: 0.9

sources: VULHUB: VHN-155145 // JVNDB: JVNDB-2019-002933 // NVD: CVE-2019-3710

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-1154

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201903-1154

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-002933

PATCH
title:DSA-2019-034url:https://www.dell.com/support/article/jp/ja/jpdhs1/sln316558/dsa-2019-034-dell-emc-networking-os10-undocumented-default-cryptographic-key-vulnerability?lang=en
Trust: 0.8
title:Dell Networking OS10 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90564
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-002933 // 
            
            
            
            CNNVD: CNNVD-201903-1154

EXTERNAL IDS
db:NVDid:CVE-2019-3710
Trust: 2.5
db:JVNDBid:JVNDB-2019-002933
Trust: 0.8
db:CNNVDid:CNNVD-201903-1154
Trust: 0.7
db:VULHUBid:VHN-155145
Trust: 0.1
sources:
            
            
            VULHUB: VHN-155145 // 
            
            
            
            JVNDB: JVNDB-2019-002933 // 
            
            
            
            CNNVD: CNNVD-201903-1154 // 
            
            
            
            NVD: CVE-2019-3710

REFERENCES
url:https://www.dell.com/support/article/sln316558/
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-3710
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3710
Trust: 0.8
sources:
            
            
            VULHUB: VHN-155145 // 
            
            
            
            JVNDB: JVNDB-2019-002933 // 
            
            
            
            CNNVD: CNNVD-201903-1154 // 
            
            
            
            NVD: CVE-2019-3710

SOURCES
db:VULHUBid:VHN-155145
db:JVNDBid:JVNDB-2019-002933
db:CNNVDid:CNNVD-201903-1154
db:NVDid:CVE-2019-3710

LAST UPDATE DATE
2024-11-23T22:48:25.911000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-155145date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-002933date:2019-04-26T00:00:00
db:CNNVDid:CNNVD-201903-1154date:2022-04-06T00:00:00
db:NVDid:CVE-2019-3710date:2024-11-21T04:42:22.843

SOURCES RELEASE DATE
db:VULHUBid:VHN-155145date:2019-03-28T00:00:00
db:JVNDBid:JVNDB-2019-002933date:2019-04-26T00:00:00
db:CNNVDid:CNNVD-201903-1154date:2019-03-28T00:00:00
db:NVDid:CVE-2019-3710date:2019-03-28T18:29:00.593