CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15778 – DSA-2019-019: Dell Networking OS10 OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2018-15778
Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI). Dell OS10, en versiones anteriores a la 10.4.2.1, contiene una vulnerabilidad provocada por la falta de una validación de entradas correcta en la interfaz de línea de comandos. • https://www.dell.com/support/article/sln316095 • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15784 – DSA-2019-001: Dell Networking OS10 Improper Certificate Validation Vulnerability
https://notcve.org/view.php?id=CVE-2018-15784
Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. Dell Networking OS10 en versiones anteriores a la 10.4.3.0 contiene una vulnerabilidad en la funcionalidad "Phone Home" que no valida de manera correcta el certificado del servidor durante una negociación TLS. EL uso de un certificado inválido o malicioso podría permitir a un atacante suplantar una entidad fiable mediante un atacante Man-in-the-Middle (MitM). • https://www.dell.com/support/article/us/en/04/sln315899/dsa-2019-001-dell-networking-os10-improper-certificate-validation-vulnerability?lang=en • CWE-295: Improper Certificate Validation •