Details of VAR-201909-0093

ID

VAR-201909-0093

CVE

CVE-2019-3751

TITLE

Dell EMC Enterprise Copy Data Management Vulnerabilities related to certificate validation

Trust: 0.8

sources: JVNDB: JVNDB-2019-008881

DESCRIPTION

Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0, 2.1, and 3.0 contain a certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit. A security vulnerability exists in Dell EMC eCDM. The following products and versions are affected: Dell EMC eCDM version 1.0, version 1.1, version 2.0, version 2.1, version 3.0

Trust: 1.71

sources: NVD: CVE-2019-3751 // JVNDB: JVNDB-2019-008881 // VULHUB: VHN-155186

AFFECTED PRODUCTS

vendor:	dell	model:	emc enterprise copy data management	scope:	eq	version:	1.0	Trust: 1.8
vendor:	dell	model:	emc enterprise copy data management	scope:	eq	version:	1.1	Trust: 1.8
vendor:	dell	model:	emc enterprise copy data management	scope:	eq	version:	2.0	Trust: 1.8
vendor:	dell	model:	emc enterprise copy data management	scope:	eq	version:	2.1	Trust: 1.8
vendor:	dell	model:	emc enterprise copy data management	scope:	eq	version:	3.0	Trust: 1.8

sources: JVNDB: JVNDB-2019-008881 // NVD: CVE-2019-3751

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-3751
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2019-3751
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-3751
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201909-043
value:	HIGH
Trust: 0.6
VULHUB:	VHN-155186
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-3751
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-155186
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-3751
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	5.2
version:	3.0
Trust: 1.8
security_alert@emc.com:	CVE-2019-3751
baseSeverity:	MEDIUM
baseScore:	6.4
vectorString:	CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	5.2
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-155186 // JVNDB: JVNDB-2019-008881 // CNNVD: CNNVD-201909-043 // NVD: CVE-2019-3751 // NVD: CVE-2019-3751

PROBLEMTYPE DATA

problemtype:

CWE-295

Trust: 1.9

sources: VULHUB: VHN-155186 // JVNDB: JVNDB-2019-008881 // NVD: CVE-2019-3751

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-043

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201909-043

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008881

PATCH

title:	DSA-2019-118: Dell EMC Enterprise Copy Data Management (eCDM) Improper Certificate Validation Vulnerability	url:	https://www.dell.com/support/security/en-us/details/536848/DSA-2019-118-Dell-EMC-Enterprise-Copy-Data-Management-eCDM-Improper-Certificate-Validation-Vuln	Trust: 0.8
title:	Dell EMC Enterprise Copy Data Management Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97808	Trust: 0.6

sources: JVNDB: JVNDB-2019-008881 // CNNVD: CNNVD-201909-043

EXTERNAL IDS

db:	NVD	id:	CVE-2019-3751	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-008881	Trust: 0.8
db:	CNNVD	id:	CNNVD-201909-043	Trust: 0.7
db:	CNVD	id:	CNVD-2020-15719	Trust: 0.1
db:	VULHUB	id:	VHN-155186	Trust: 0.1

sources: VULHUB: VHN-155186 // JVNDB: JVNDB-2019-008881 // CNNVD: CNNVD-201909-043 // NVD: CVE-2019-3751

REFERENCES

url:	https://www.dell.com/support/security/en-us/details/536848/dsa-2019-118-dell-emc-enterprise-copy-data-management-ecdm-improper-certificate-validation-vuln	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3751	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3751	Trust: 0.8

sources: VULHUB: VHN-155186 // JVNDB: JVNDB-2019-008881 // CNNVD: CNNVD-201909-043 // NVD: CVE-2019-3751

SOURCES

db:	VULHUB	id:	VHN-155186
db:	JVNDB	id:	JVNDB-2019-008881
db:	CNNVD	id:	CNNVD-201909-043
db:	NVD	id:	CVE-2019-3751

LAST UPDATE DATE

2024-11-23T22:16:50.969000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-155186	date:	2020-02-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-008881	date:	2019-09-09T00:00:00
db:	CNNVD	id:	CNNVD-201909-043	date:	2020-02-12T00:00:00
db:	NVD	id:	CVE-2019-3751	date:	2024-11-21T04:42:27.793

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-155186	date:	2019-09-03T00:00:00
db:	JVNDB	id:	JVNDB-2019-008881	date:	2019-09-09T00:00:00
db:	CNNVD	id:	CNNVD-201909-043	date:	2019-09-03T00:00:00
db:	NVD	id:	CVE-2019-3751	date:	2019-09-03T17:15:11.210