CVE-2020-1810

Опубликовано: 09 янв. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information.

Ссылки

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-rsa-en
Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-rsa-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:huawei:cloudengine_12800_firmware:v100r003c00spc600:*:*:*:*:*:*:*

cpe:2.3:o:huawei:cloudengine_12800_firmware:v100r003c10spc100:*:*:*:*:*:*:*

cpe:2.3:o:huawei:cloudengine_12800_firmware:v100r005c00spc200:*:*:*:*:*:*:*

cpe:2.3:o:huawei:cloudengine_12800_firmware:v100r005c00spc300:*:*:*:*:*:*:*

cpe:2.3:o:huawei:cloudengine_12800_firmware:v100r005c10hp0001:*:*:*:*:*:*:*

cpe:2.3:o:huawei:cloudengine_12800_firmware:v100r005c10spc100:*:*:*:*:*:*:*

cpe:2.3:o:huawei:cloudengine_12800_firmware:v100r005c10spc200:*:*:*:*:*:*:*

cpe:2.3:o:huawei:cloudengine_12800_firmware:v100r006c00:*:*:*:*:*:*:*

cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r001c00:*:*:*:*:*:*:*

cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c01:*:*:*:*:*:*:*

cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c10:*:*:*:*:*:*:*

cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c20:*:*:*:*:*:*:*

cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c10:*:*:*:*:*:*:*

cpe:2.3:h:huawei:cloudengine_12800:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

Одно из

cpe:2.3:o:huawei:s5700_firmware:v200r005c00spc500:*:*:*:*:*:*:*

cpe:2.3:o:huawei:s5700_firmware:v200r005c03:*:*:*:*:*:*:*

cpe:2.3:o:huawei:s5700_firmware:v200r006c00spc100:*:*:*:*:*:*:*

cpe:2.3:o:huawei:s5700_firmware:v200r006c00spc300:*:*:*:*:*:*:*

cpe:2.3:o:huawei:s5700_firmware:v200r006c00spc500:*:*:*:*:*:*:*

cpe:2.3:o:huawei:s5700_firmware:v200r007c00spc100:*:*:*:*:*:*:*

cpe:2.3:o:huawei:s5700_firmware:v200r007c00spc500:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5700:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

Одно из

cpe:2.3:o:huawei:s6700_firmware:v200r005c00spc500:*:*:*:*:*:*:*

cpe:2.3:o:huawei:s6700_firmware:v200r005c01:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s6700:-:*:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.00079

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-327

Связанные уязвимости

GHSA-784w-6w6h-jjwp

github

больше 3 лет назад

Huawei products CloudEngine 12800, S5700, and S6700 have a weak algorithm vulnerability. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information. Affected product versions include: CloudEngine 12800 versions V100R003C00SPC600, V100R003C10SPC100, V100R005C00SPC200, V100R005C00SPC300, V100R005C10HP0001, V100R005C10SPC100, V100R005C10SPC200, V100R006C00, V200R001C00, V200R002C01, V200R002C10, V200R002C20, V200R005C10; CloudEngine S5700 versions V200R005C00SPC500, V200R005C03, V200R006C00SPC100, V200R006C00SPC300, V200R006C00SPC500, V200R007C00SPC100, V200R007C00SPC500, V200R010C00SPC300, V200R010C00SPC600, V200R010C00SPC700, V200R011C00SPC200, V200R011C10SPC500, V200R011C10SPC600, V200R012C00SPC200, V200R012C00SPC500, V200R012C00SPC600, V200R012C00SPC700, V200R012C00SPC710, V200R012C20; CloudEngine S6700 versions V200R005C00SPC500, V200R005C01, V200R00...

EPSS

Процентиль: 24%

0.00079

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-327