PT-2017-18165 · Huawei · Oceanstor 6900 V3+1
Publicado
2017-11-22
·
Atualizado
2019-10-03
·
CVE-2017-8157
CVSS v3.1
5.9
Média
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OceanStor 5800 V3 versions V300R002C00 through V300R002C10
OceanStor 6900 V3 version V300R001C00
Description
The issue is related to an information leakage vulnerability. The products use TLS1.0 for encryption, which has known vulnerabilities. Attackers can exploit these vulnerabilities to decrypt data and obtain sensitive information.
Recommendations
For OceanStor 5800 V3 versions V300R002C00 through V300R002C10, consider upgrading to a version that uses a more secure encryption protocol.
For OceanStor 6900 V3 version V300R001C00, consider upgrading to a version that uses a more secure encryption protocol.
As a temporary workaround, consider disabling the use of TLS1.0 to minimize the risk of exploitation.
Correção
Use of a Broken Cryptographic Algorithm
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Oceanstor 5800 V3
Oceanstor 6900 V3