Lucene search

Huawei TechnologiesHUAWEI-SA-20160817-02-SERVER

HistoryAug 17, 2016 - 12:00 a.m.

Security Advisory - Information Leak Vulnerability in Some Huawei Servers

2016-08-1700:00:00

Huawei Technologies

www.huawei.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

46.5%

JSON

Some Huawei servers have an information leak vulnerability. The servers allow users to select security encryption algorithms. If an insecure encryption algorithm is selected, an attacker may decrypt ciphertext data, causing information leaks. (Vulnerability ID: HWPSIRT-2016-07019)

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-6838.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-02-server-en>

Affected configurations

Vulners

Node

huaweix6800Matchv100r003c00

huaweixh620_v3_firmwareMatchv100r003c00

huaweirh1288_v3_firmwareMatchv100r003c00

huaweifusionserver_rh2288_v3Matchv100r003c00

huaweich140_v3_firmwareMatchv100r001c00

huaweich226_v3_server_firmwareMatchv100r001c00

huaweifusionserver_ch220_v3Matchv100r001c00

huaweich121_v3_firmwareMatchv100r001c00

huaweifusionserver_ch222_v3Matchv100r001c00

huaweiibmcMatchv200r001c10

huaweiibmcMatchv200r001c20

huaweiibmcMatchv200r001c30

huaweirh5885_v3_server_firmwareMatchv100r003c01

CPENameOperatorVersion
x6800eqV100R003C00
xh620 v3eqV100R003C00
rh1288 v3eqV100R003C00
rh2288 v3eqV100R003C00
ch140 v3eqV100R001C00
ch226 v3eqV100R001C00
ch220 v3eqV100R001C00
ch121 v3eqV100R001C00
ch222 v3eqV100R001C00
ibmceqV200R001C10

Name	Operator	Version
x6800	eq	V100R003C00
xh620 v3	eq	V100R003C00
rh1288 v3	eq	V100R003C00
rh2288 v3	eq	V100R003C00
ch140 v3	eq	V100R001C00
ch226 v3	eq	V100R001C00
ch220 v3	eq	V100R001C00
ch121 v3	eq	V100R001C00
ch222 v3	eq	V100R001C00
ibmc	eq	V200R001C10

Rows per page:

1-10 of 131

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

46.5%

JSON

Related for HUAWEI-SA-20160817-02-SERVER