CVE-2019-3762

Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
dellCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
dellemc_data_protection_central
1.0
dellemc_data_protection_central
1.0.1
dellemc_data_protection_central
18.1
dellemc_data_protection_central
18.2
dellemc_data_protection_central
19.1
dellemc_integrated_data_protection_appliance
2.0
dellemc_integrated_data_protection_appliance
2.1
dellemc_integrated_data_protection_appliance
2.2
dellemc_integrated_data_protection_appliance
2.3
dellemc_integrated_data_protection_appliance
2.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dell.com/support/security/en-us/details/537007/DSA-2019-135-Dell-EMC-Data-Protection-Central-Improper-Chain-of-Trust-Vulnerability
https://www.dell.com/support/security/en-us/details/537007/DSA-2019-135-Dell-EMC-Data-Protection-Central-Improper-Chain-of-Trust-Vulnerability