Vulnerability Details : CVE-2019-3710
Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially be able to intercept communications or operate the system with elevated privileges.
Products affected by CVE-2019-3710
- cpe:2.3:o:dell:emc_networking_os10:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-3710
0.29%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 65 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-3710
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.3
|
HIGH | CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
1.6
|
6.0
|
Dell | |
8.1
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
NIST |
CWE ids for CVE-2019-3710
-
The product contains hard-coded credentials, such as a password or cryptographic key.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-3710
-
https://www.dell.com/support/article/SLN316558/
Access DeniedVendor Advisory
Jump to