// For flags

CVE-2019-3762

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data.

Data Protection Central versiones 1.0, 1.0.1, 18.1, 18.2 y 19.1, contiene una vulnerabilidad de Cadena de Confianza de Certificado Inapropiada. atacante remoto no autenticado podría explotar esta vulnerabilidad mediante la obtención de un certificado firmado de CA de Data Protection Central al suplantar un sistema válido para comprometer la integridad de los datos.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-01-03 CVE Reserved
  • 2020-03-18 CVE Published
  • 2023-03-22 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-295: Improper Certificate Validation
  • CWE-296: Improper Following of a Certificate's Chain of Trust
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Dell
Search vendor "Dell"
Emc Data Protection Central
Search vendor "Dell" for product "Emc Data Protection Central"
1.0
Search vendor "Dell" for product "Emc Data Protection Central" and version "1.0"
-
Affected
Dell
Search vendor "Dell"
Emc Data Protection Central
Search vendor "Dell" for product "Emc Data Protection Central"
1.0.1
Search vendor "Dell" for product "Emc Data Protection Central" and version "1.0.1"
-
Affected
Dell
Search vendor "Dell"
Emc Data Protection Central
Search vendor "Dell" for product "Emc Data Protection Central"
18.1
Search vendor "Dell" for product "Emc Data Protection Central" and version "18.1"
-
Affected
Dell
Search vendor "Dell"
Emc Data Protection Central
Search vendor "Dell" for product "Emc Data Protection Central"
18.2
Search vendor "Dell" for product "Emc Data Protection Central" and version "18.2"
-
Affected
Dell
Search vendor "Dell"
Emc Data Protection Central
Search vendor "Dell" for product "Emc Data Protection Central"
19.1
Search vendor "Dell" for product "Emc Data Protection Central" and version "19.1"
-
Affected
Dell
Search vendor "Dell"
Emc Integrated Data Protection Appliance
Search vendor "Dell" for product "Emc Integrated Data Protection Appliance"
2.0
Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" and version "2.0"
-
Affected
Dell
Search vendor "Dell"
Emc Integrated Data Protection Appliance
Search vendor "Dell" for product "Emc Integrated Data Protection Appliance"
2.1
Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" and version "2.1"
-
Affected
Dell
Search vendor "Dell"
Emc Integrated Data Protection Appliance
Search vendor "Dell" for product "Emc Integrated Data Protection Appliance"
2.2
Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" and version "2.2"
-
Affected
Dell
Search vendor "Dell"
Emc Integrated Data Protection Appliance
Search vendor "Dell" for product "Emc Integrated Data Protection Appliance"
2.3
Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" and version "2.3"
-
Affected
Dell
Search vendor "Dell"
Emc Integrated Data Protection Appliance
Search vendor "Dell" for product "Emc Integrated Data Protection Appliance"
2.4
Search vendor "Dell" for product "Emc Integrated Data Protection Appliance" and version "2.4"
-
Affected