Headline
CVE-2022-34394: DSA-2022-239: Dell Networking OS10 Security Update for a SupportAssist Vulnerability
Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in SupportAssist. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to limited switch configuration data. The vulnerability could be leveraged by attackers to conduct man-in-the-middle attacks to gain access to the SupportAssist information.
Impact
Low
Details

| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| --- | --- | --- | --- |
| CVE-2022-34394 | Dell OS10 version 10.5.3.4 contains an Improper Certificate Validation vulnerability in SupportAssist under specific conditions. A remote unauthenticated user may potentially exploit this vulnerability, leading to unauthorized access to limited switch configuration data that could be leveraged to conduct man-in-the-middle attacks. | 3.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
Dell Technologies recommends that all customers take into account both the CVSS base score and any relevant temporal and environmental scores that may affect the potential severity of a particular security vulnerability.
Affected Products and Remediation

| Product | Affected Version | Updated Version | Link to Update |
| --- | --- | --- | --- |
| Dell Networking OS10 | 10.5.3.4 | 10.5.3.5 | Link to update |
The user can also upgrade to 10.5.4.0
Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Workarounds and Mitigations
A system configuration file can be manually edited through system CLI.
Revision History

| Revision | Date | Description |
| --- | --- | --- |
| 1.0 | 2022-09-01 | Initial Release |
| 1.1 | 2022-09-06 | Updated DSA ID |
Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
06 Sep 2022