PT-2017-9784 · Huawei · Huawei Oceanstor 5600 V3
Luiz Angelo Daros De Luca
·
Published
2017-04-02
·
Updated
2017-04-07
·
CVE-2016-8754
CVSS v3.1
7.5
High
| Vector | AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Huawei OceanStor 5600 V3 version V300R003C00
Description
The issue concerns a hardcoded SSH key used for encrypting communication data and authenticating different nodes of the devices. An attacker may obtain the hardcoded keys and log in to the device through SSH.
Recommendations
For Huawei OceanStor 5600 V3 version V300R003C00, consider disabling SSH access until a patch or fix is available to prevent potential unauthorized login. Restrict access to the device to minimize the risk of exploitation.
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Oceanstor 5600 V3