CVE-2018-15784

Name of the Vulnerable Software and Affected Versions Dell Networking OS10 versions prior to 10.4.3.0

Description The issue arises from a vulnerability in the Phone Home feature, which fails to properly validate the server's certificate authority during the TLS handshake. This could allow an attacker to potentially spoof a trusted entity by using a man-in-the-middle (MITM) attack, leveraging an invalid or malicious certificate.

Recommendations For versions prior to 10.4.3.0, update to version 10.4.3.0 or later to resolve the issue. As a temporary workaround, consider disabling the Phone Home feature until a patch is available. Restrict access to the Phone Home functionality to minimize the risk of exploitation.