CVE-2018-15784

Summary

Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.

Affected Software

VendorProductVersion RangeStatus
DellDell Networking OS10unspecified < 10.4.3.0affected

Weaknesses

  • Improper Certificate Validation

ADP Enrichment

CVE Program Container

Additional References

References