Описание
Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remote attackers to discover private keys by leveraging knowledge of a certificate.
Ссылки
- MitigationVendor Advisory
- Third Party AdvisoryVDB Entry
- MitigationVendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:huawei_firmware:s12700:v200r005c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:s12700:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
Одно из
cpe:2.3:o:huawei:s9700_firmware:v200r003c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s9700_firmware:v200r005c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:s9700:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
Одно из
cpe:2.3:o:huawei:s7700_firmware:v200r003c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s7700_firmware:v200r005c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:s7700:-:*:*:*:*:*:*:*
Конфигурация 4
Одновременно
Одно из
cpe:2.3:o:huawei:s9300_firmware:v200r003c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s9300_firmware:v200r005c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:s9300:-:*:*:*:*:*:*:*
EPSS
Процентиль: 29%
0.00103
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 5.3
github
больше 3 лет назад
Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remote attackers to discover private keys by leveraging knowledge of a certificate.
EPSS
Процентиль: 29%
0.00103
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200