PT-2016-7157 · Huawei · Huawei Ibmc

Published

2016-09-07

Updated

2016-09-08

CVE-2016-6899

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Huawei iBMC versions prior to V100R003C00SPC613 Huawei iBMC versions prior to V100R003C00SPC617 Huawei iBMC versions prior to V100R003C00SPC515 Huawei iBMC versions prior to V100R003C10SPC102 Huawei iBMC versions prior to V100R003C00SPC610

Description The issue allows remote attackers to decrypt encrypted data, potentially obtaining sensitive information, by leveraging the selection of an insecure SSL encryption algorithm.

Recommendations For versions prior to V100R003C00SPC613, update to V100R003C00SPC613 or later. For versions prior to V100R003C00SPC617, update to V100R003C00SPC617 or later. For versions prior to V100R003C00SPC515, update to V100R003C00SPC515 or later. For versions prior to V100R003C10SPC102, update to V100R003C10SPC102 or later. For versions prior to V100R003C00SPC610, update to V100R003C00SPC610 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310CWE-200

Related Identifiers

CVE-2016-6899

Affected Products

Huawei Ibmc

PT-2016-7157 · Huawei · Huawei Ibmc

CVE-2016-6899

Weakness Enumeration

Related Identifiers

Affected Products

References · 4