Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products

DSA-2019-034: Dell Networking OS10 Undocumented Default Cryptographic Key Vulnerability

Summary: Dell Networking OS10 Key Management Error Vulnerability, CVE Identifier: CVE-2019-3710

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Impact

High

Details

Dell Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially be able to intercept communications or operate the system with elevated privileges.

Dell Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially be able to intercept communications or operate the system with elevated privileges.

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Affected products: 
Dell Networking OS10 versions prior to 10.4.3.
 

Resolution: 
Dell Networking OS10 version 10.4.3 provides the ability for the users to replace the pre-installed X.509 key/certificate pairs with their own pairs. The key/certificate replacement is recommended to be done when operating in a Fabric Mode such as Virtual Link Trunking in order to secure the system.

The following Dell Networking OS10 version have been updated to address this vulnerability:

 Dell Networking OS10 versions 10.4.3

Affected products: 
Dell Networking OS10 versions prior to 10.4.3.
 

Resolution: 
Dell Networking OS10 version 10.4.3 provides the ability for the users to replace the pre-installed X.509 key/certificate pairs with their own pairs. The key/certificate replacement is recommended to be done when operating in a Fabric Mode such as Virtual Link Trunking in order to secure the system.

The following Dell Networking OS10 version have been updated to address this vulnerability:

 Dell Networking OS10 versions 10.4.3

Acknowledgements

Dell would like to thank Thorsten Tüllmann from the Karlsruhe Institute of Technology for reporting this vulnerability.

Related Information

Affected Products

Networking, Product Security Information
Article Properties
Article Number: 000146780
Article Type: Dell Security Advisory
Last Modified: 11 Dec 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.