CVE-2017-15326

EPSS 0.04%
Published 23.03.2018 16:29:00
Last modified 21.11.2024 03:14:28
Source psirt@huawei.com
Teams watchlist Login
Open Login

DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Huawei ≫ Dbs3900 Tdd Lte Firmware Versionv100r003c00

Huawei ≫ Dbs3900 Tdd Lte Version-

Huawei ≫ Dbs3900 Tdd Lte Firmware Versionv100r004c10

Huawei ≫ Dbs3900 Tdd Lte Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.109

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-15326

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-15326

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-15326

EUVD