Vulnerability CVE-2019-3751

Vulnerability CVE-2019-3751

Published: 2019-09-03

Description:

Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0, 2.1, and 3.0 contain a certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim?s data in transit.

Type:

CWE-295

(Certificate Issues)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5.8/10	4.9/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	None

Affected software
DELL -> Emc enterprise copy data management

References:

https://www.dell.com/support/security/en-us/details/536848/DSA-2019-118-Dell-EMC-Enterprise-Copy-Data-Management-eCDM-Improper-Certificate-Validation-Vuln

Vulnerability CVE-2019-3751

CWE-295

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:N)

5.8/10

4.9/10

8.6/10

Remote

Medium

No required

Partial

Partial

None

Affected software

References: