CVE-2016-6838

EPSS 0.07%
Published 07.09.2016 19:28:15
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSH encryption algorithm.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Huawei ≫ Rh1288 V3 Server Firmware Versionv100r003c00

   Huawei ≫ Rh1288 V3 Server Version-
   Huawei ≫ Rh2288 V3 Server Version-
   Huawei ≫ X6800 V3 Server Version-
   Huawei ≫ Xh620 V3 Server Version-

Huawei ≫ Rh2288 V3 Server Firmware Versionv100r003c00

   Huawei ≫ Rh1288 V3 Server Version-
   Huawei ≫ Rh2288 V3 Server Version-
   Huawei ≫ X6800 V3 Server Version-
   Huawei ≫ Xh620 V3 Server Version-

Huawei ≫ X6800 V3 Server Firmware Versionv100r003c00

   Huawei ≫ Rh1288 V3 Server Version-
   Huawei ≫ Rh2288 V3 Server Version-
   Huawei ≫ X6800 V3 Server Version-
   Huawei ≫ Xh620 V3 Server Version-

Huawei ≫ Xh620 V3 Server Firmware Versionv100r003c00

   Huawei ≫ Rh1288 V3 Server Version-
   Huawei ≫ Rh2288 V3 Server Version-
   Huawei ≫ X6800 V3 Server Version-
   Huawei ≫ Xh620 V3 Server Version-

Huawei ≫ Ch121 V3 Server Firmware Versionv100r001c00

   Huawei ≫ Ch121 V3 Server Version-
   Huawei ≫ Ch140 V3 Server Version-
   Huawei ≫ Ch220 V3 Server Version-
   Huawei ≫ Ch222 V3 Server Version-
   Huawei ≫ Ch226 V3 Server Version-

Huawei ≫ Ch140 V3 Server Firmware Versionv100r001c00

   Huawei ≫ Ch121 V3 Server Version-
   Huawei ≫ Ch140 V3 Server Version-
   Huawei ≫ Ch220 V3 Server Version-
   Huawei ≫ Ch222 V3 Server Version-
   Huawei ≫ Ch226 V3 Server Version-

Huawei ≫ Ch220 V3 Server Firmware Versionv100r001c00

   Huawei ≫ Ch121 V3 Server Version-
   Huawei ≫ Ch140 V3 Server Version-
   Huawei ≫ Ch220 V3 Server Version-
   Huawei ≫ Ch222 V3 Server Version-
   Huawei ≫ Ch226 V3 Server Version-

Huawei ≫ Ch222 V3 Server Firmware Versionv100r001c00

   Huawei ≫ Ch121 V3 Server Version-
   Huawei ≫ Ch140 V3 Server Version-
   Huawei ≫ Ch220 V3 Server Version-
   Huawei ≫ Ch222 V3 Server Version-
   Huawei ≫ Ch226 V3 Server Version-

Huawei ≫ Ch226 V3 Server Firmware Versionv100r001c00

   Huawei ≫ Ch121 V3 Server Version-
   Huawei ≫ Ch140 V3 Server Version-
   Huawei ≫ Ch220 V3 Server Version-
   Huawei ≫ Ch222 V3 Server Version-
   Huawei ≫ Ch226 V3 Server Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.22

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-02-server-en

Vendor Advisory

http://www.securityfocus.com/bid/92503

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2016-6838

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-6838

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-6838

EUVD