CVE-2017-15326

EPSS 0.04%
Veröffentlicht 23.03.2018 16:29:00
Zuletzt bearbeitet 21.11.2024 03:14:28
Quelle psirt@huawei.com
Teams Watchlist Login
Unerledigt Login

DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Huawei ≫ Dbs3900 Tdd Lte Firmware Versionv100r003c00

Huawei ≫ Dbs3900 Tdd Lte Version-

Huawei ≫ Dbs3900 Tdd Lte Firmware Versionv100r004c10

Huawei ≫ Dbs3900 Tdd Lte Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.109

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-15326

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-15326

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-15326

EUVD