CVE-2022-34394

{"id": "CVE-2022-34394", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}]}, "published": "2022-09-28T21:15:12.897", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000202974/dsa-2022-293-dell-networking-os10-security-update-for-a-support-assist-vulnerability", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.dell.com/support/kbdoc/en-us/000202974/dsa-2022-293-dell-networking-os10-security-update-for-a-support-assist-vulnerability", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-295"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to limited switch configuration data. The vulnerability could be leveraged by attackers to conduct man-in-the-middle attacks to gain access to the Support Assist information."}, {"lang": "es", "value": "Dell OS10, versi\u00f3n 10.5.3.4, contiene una vulnerabilidad de comprobaci\u00f3n inapropiada de certificados en Support Assist. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad, lo que conllevar\u00eda un acceso no autorizado a datos limitados de configuraci\u00f3n del conmutador. La vulnerabilidad podr\u00eda ser aprovechada por los atacantes para conducir ataques de tipo man-in-the-middle para conseguir acceso a la informaci\u00f3n de Support Assist"}], "lastModified": "2024-11-21T07:09:25.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:smartfabric_os10:10.5.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "719AFF0B-C445-4159-872F-DBBB554D1529"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}