Lucene search

[email protected]CVE-2016-6838

HistorySep 07, 2016 - 7:28 p.m.

CVE-2016-6838

2016-09-0719:28:15

CWE-310

CWE-200

[email protected]

web.nvd.nist.gov

cve-2016-6838

huawei

x6800

xh620

rh1288

rh2288

ch140

ch226

ch220

ch121

ch222

server

vulnerability

ssh

encryption

algorithm

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.7%

JSON

Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSH encryption algorithm.

Affected configurations

NVD

Node

huaweirh1288_v3_server_firmwareMatchv100r003c00

huaweirh2288_v3_server_firmwareMatchv100r003c00

huaweix6800_v3_server_firmwareMatchv100r003c00

huaweixh620_v3_server_firmwareMatchv100r003c00

AND

huaweirh1288_v3_serverMatch-

huaweirh2288_v3_serverMatch-

huaweix6800_v3_serverMatch-

huaweixh620_v3_serverMatch-

Node

huaweich121_v3_server_firmwareMatchv100r001c00

huaweich140_v3_server_firmwareMatchv100r001c00

huaweich220_v3_server_firmwareMatchv100r001c00

huaweich222_v3_server_firmwareMatchv100r001c00

huaweich226_v3_server_firmwareMatchv100r001c00

AND

huaweich121_v3_serverMatch-

huaweich140_v3_serverMatch-

huaweich220_v3_serverMatch-

huaweich222_v3_serverMatch-

huaweich226_v3_serverMatch-

CPENameOperatorVersion
huawei:rh1288_v3_server_firmwarehuawei rh1288 v3 server firmwareeqv100r003c00
huawei:rh2288_v3_server_firmwarehuawei rh2288 v3 server firmwareeqv100r003c00
huawei:x6800_v3_server_firmwarehuawei x6800 v3 server firmwareeqv100r003c00
huawei:xh620_v3_server_firmwarehuawei xh620 v3 server firmwareeqv100r003c00

CPE	Name	Operator	Version
huawei:rh1288_v3_server_firmware	huawei rh1288 v3 server firmware	eq	v100r003c00
huawei:rh2288_v3_server_firmware	huawei rh2288 v3 server firmware	eq	v100r003c00
huawei:x6800_v3_server_firmware	huawei x6800 v3 server firmware	eq	v100r003c00
huawei:xh620_v3_server_firmware	huawei xh620 v3 server firmware	eq	v100r003c00

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-02-server-en

www.securityfocus.com/bid/92503

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.7%

JSON

Related for CVE-2016-6838

prion1 cvelist1 huawei1 nvd1