Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Huawei Data Communication: Weak Algorithm Vulnerability (huawei-sa-20180704-01-algorithm)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Some Huawei products are prone to a weak algorithm vulnerability
Insight
Insight
There is a weak algorithm vulnerability in some Huawei products. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients and the affected products. The attacker may launch the Bleichenbacher attack on RSA key exchange to decrypt the session key and the previously captured sessions by some cryptanalytic operations.
Affected Software
Affected Software
Huawei CloudEngine 12800, CloudEngine 5800, CloudEngine 6800, CloudEngine 7800, RSE6500, S12700, S1700, S2700, S5700, S6700, S7700, S9700, SoftCo, VP9660 and eSpace U1981.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
See the referenced vendor advisory for a solution.