High
Dell Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially be able to intercept communications or operate the system with elevated privileges.
Dell Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially be able to intercept communications or operate the system with elevated privileges.
Resolution:
Dell Networking OS10 version 10.4.3 provides the ability for the users to replace the pre-installed X.509 key/certificate pairs with their own pairs. The key/certificate replacement is recommended to be done when operating in a Fabric Mode such as Virtual Link Trunking in order to secure the system.
The following Dell Networking OS10 version have been updated to address this vulnerability:
Dell Networking OS10 versions 10.4.3
Dell recommends all customers upgrade at the earliest opportunity.
Customers are advised to follow the OS 10.4.3 User Guide (https://downloads.dell.com/manuals/common/os10-4-3-0-enterprise_ug_en-us.pdf )
to securely configure OS10 and install/replace the X.509v3 key/certificate pairs (see the System Management, Security, X.509v3 certificates section in the User Guide).
Customers can download software from https://www.dell.com/support/software/
Resolution:
Dell Networking OS10 version 10.4.3 provides the ability for the users to replace the pre-installed X.509 key/certificate pairs with their own pairs. The key/certificate replacement is recommended to be done when operating in a Fabric Mode such as Virtual Link Trunking in order to secure the system.
The following Dell Networking OS10 version have been updated to address this vulnerability:
Dell Networking OS10 versions 10.4.3
Dell recommends all customers upgrade at the earliest opportunity.
Customers are advised to follow the OS 10.4.3 User Guide (https://downloads.dell.com/manuals/common/os10-4-3-0-enterprise_ug_en-us.pdf )
to securely configure OS10 and install/replace the X.509v3 key/certificate pairs (see the System Management, Security, X.509v3 certificates section in the User Guide).
Customers can download software from https://www.dell.com/support/software/
Dell would like to thank Thorsten Tüllmann from the Karlsruhe Institute of Technology for reporting this vulnerability.