PT-2016-7031 · Huawei · Huawei S12700+4
Frank Gifford +3 · Published 2016-08-10 · Updated 2016-09-08 · CVE-2016-6670
CVSS v3.1: 5.3 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500
Description
The issue concerns the generation of self-signed certificates in certain Huawei devices. These devices use random numbers with insufficient entropy, making it easier for remote attackers to discover private keys by leveraging knowledge of a certificate. This could potentially allow an attacker to compromise the certificates, as different devices' certificates may use the same random number.
Recommendations
For Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500, update to V200R008C00SPC500 or later to resolve the issue. As a temporary workaround, consider restricting access to self-signed certificates until a patch is available. Avoid using self-signed certificates in sensitive environments until the issue is resolved.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Huawei S12700
Huawei S7700
Huawei S9300
Huawei S9700
Huawei VRP