PT-2022-4980 · Dell · Dell Os10

Published: 2022-06-23 · Updated: 2022-09-30 · CVE-2022-34394

CVSS v3.1: 3.7 (Low)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Dell OS10 version 10.5.3.4

Description: The issue is related to an Improper Certificate Validation vulnerability in the Support Assist component. This could allow a remote unauthenticated attacker to exploit the vulnerability, leading to unauthorized access to limited switch configuration data. The vulnerability could be leveraged by attackers to conduct man-in-the-middle attacks to gain access to the Support Assist information.

Recommendations: For Dell OS10 version 10.5.3.4, consider disabling the Support Assist feature until a patch is available to prevent potential exploitation. Restrict access to the switch configuration data to minimize the risk of unauthorized access. Avoid using the Support Assist component for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

BDU:2022-06181
CVE-2022-34394

Affected Products

Dell Os10