Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-6838

Опубликовано: 07 сент. 2016
Источник: nvd
CVSS3: 7.5
CVSS2: 4.3
EPSS Низкий

Описание

Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSH encryption algorithm.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:huawei:rh1288_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:rh2288_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:x6800_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:xh620_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:huawei:rh1288_v3_server:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:rh2288_v3_server:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:x6800_v3_server:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:xh620_v3_server:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

Одно из

cpe:2.3:o:huawei:ch121_v3_server_firmware:v100r001c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ch140_v3_server_firmware:v100r001c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ch220_v3_server_firmware:v100r001c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ch222_v3_server_firmware:v100r001c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ch226_v3_server_firmware:v100r001c00:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:huawei:ch121_v3_server:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ch140_v3_server:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ch220_v3_server:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ch222_v3_server:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ch226_v3_server:-:*:*:*:*:*:*:*

EPSS

Процентиль: 22%
0.0007
Низкий

7.5 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

github логотип

GHSA-389p-6whp-pg38

CVSS3: 7.5
github
больше 3 лет назад

Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSH encryption algorithm.

EPSS

Процентиль: 22%
0.0007
Низкий

7.5 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200