PT-2017-18165 · Huawei · Oceanstor 6900 V3+1

Published

2017-11-22

Updated

2019-10-03

CVE-2017-8157

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions OceanStor 5800 V3 versions V300R002C00 through V300R002C10 OceanStor 6900 V3 version V300R001C00

Description The issue is related to an information leakage vulnerability. The products use TLS1.0 for encryption, which has known vulnerabilities. Attackers can exploit these vulnerabilities to decrypt data and obtain sensitive information.

Recommendations For OceanStor 5800 V3 versions V300R002C00 through V300R002C10, consider upgrading to a version that uses a more secure encryption protocol. For OceanStor 6900 V3 version V300R001C00, consider upgrading to a version that uses a more secure encryption protocol. As a temporary workaround, consider disabling the use of TLS1.0 to minimize the risk of exploitation.

Fix

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-327

Related Identifiers

CVE-2017-8157

Affected Products

Oceanstor 5800 V3

Oceanstor 6900 V3

PT-2017-18165 · Huawei · Oceanstor 6900 V3+1

CVE-2017-8157

Weakness Enumeration

Related Identifiers

Affected Products

References · 3