FKIE_CVE-2020-1810

Vulnerability from fkie_nvd - Published: 2020-01-09 18:15 - Updated: 2024-11-21 05:11
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information.
References
psirt@huawei.comhttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-rsa-enVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-rsa-enVendor Advisory
Impacted products
Vendor Product Version
huawei cloudengine_12800_firmware v100r003c00spc600
huawei cloudengine_12800_firmware v100r003c10spc100
huawei cloudengine_12800_firmware v100r005c00spc200
huawei cloudengine_12800_firmware v100r005c00spc300
huawei cloudengine_12800_firmware v100r005c10hp0001
huawei cloudengine_12800_firmware v100r005c10spc100
huawei cloudengine_12800_firmware v100r005c10spc200
huawei cloudengine_12800_firmware v100r006c00
huawei cloudengine_12800_firmware v200r001c00
huawei cloudengine_12800_firmware v200r002c01
huawei cloudengine_12800_firmware v200r002c10
huawei cloudengine_12800_firmware v200r002c20
huawei cloudengine_12800_firmware v200r005c10
huawei cloudengine_12800 -
huawei s5700_firmware v200r005c00spc500
huawei s5700_firmware v200r005c03
huawei s5700_firmware v200r006c00spc100
huawei s5700_firmware v200r006c00spc300
huawei s5700_firmware v200r006c00spc500
huawei s5700_firmware v200r007c00spc100
huawei s5700_firmware v200r007c00spc500
huawei s5700 -
huawei s6700_firmware v200r005c00spc500
huawei s6700_firmware v200r005c01
huawei s6700 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v100r003c00spc600:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CAD1A04-54E8-4F24-A018-140F9FBD0562",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v100r003c10spc100:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA1E813D-57B1-449A-9513-3AFB083E116A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v100r005c00spc200:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D33A009-B3C9-4894-9426-D51E5D82A189",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v100r005c00spc300:*:*:*:*:*:*:*",
              "matchCriteriaId": "417BF51F-E61F-44C3-B479-102DFB3E9233",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v100r005c10hp0001:*:*:*:*:*:*:*",
              "matchCriteriaId": "7386FB64-0713-424B-A755-D1CABB877817",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v100r005c10spc100:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4B8058-BEC1-4978-B12F-A526879FB7C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v100r005c10spc200:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DB167B-D9CE-439C-8840-525E1A4BB079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v100r006c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C2DACA5-0AA6-419B-AC6A-8CC19326758E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r001c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "4492E892-7BE5-413A-AD53-2D39BD6626F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c01:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A7B1A3E-5D5A-4E3A-89F1-73DA7FF0F060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c10:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCC0FC04-05F0-4591-89EF-4E54D9A3ED8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c20:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7353CA0-9073-4EBD-B2FF-6FAD43274E3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c10:*:*:*:*:*:*:*",
              "matchCriteriaId": "433BD50B-C8A5-4F0B-8905-18131C9FD364",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:cloudengine_12800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE8A2875-0F7E-4790-A925-5999396B7578",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r005c00spc500:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B3B076D-F61E-4BE0-B808-D86EB6A83D92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r005c03:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B18ABC1-A970-472A-A8BF-934D1180930E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r006c00spc100:*:*:*:*:*:*:*",
              "matchCriteriaId": "F56ADA0A-B3B1-4B6C-9800-EB28B61E3F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r006c00spc300:*:*:*:*:*:*:*",
              "matchCriteriaId": "53A7B27E-CA45-44B7-9BE1-5B11D69BDDF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r006c00spc500:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8A24F24-F960-4F0F-A553-3C7EAE5C13E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r007c00spc100:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FF2F7D0-8A62-4B9B-9551-749178FEA120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r007c00spc500:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCDCF4CA-48CF-4AEC-B3EC-7CD9EF9E3DA4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:s5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E22D3CFF-3353-4EE2-8933-84F395469D0D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:s6700_firmware:v200r005c00spc500:*:*:*:*:*:*:*",
              "matchCriteriaId": "96FF5103-C97A-443A-8475-0E99A0175455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:s6700_firmware:v200r005c01:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4979AA8-0D8E-4F37-A7DC-709BE4821D51",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:s6700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA7AC10D-B0DD-4206-8642-134DDD585C06",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de algoritmo d\u00e9bil en algunos productos Huawei. Los productos afectados utilizan el algoritmo RSA en el algoritmo de intercambio de claves SSL que se ha considerado como un algoritmo d\u00e9bil. Los atacantes pueden explotar esta vulnerabilidad para filtrar cierta informaci\u00f3n."
    }
  ],
  "id": "CVE-2020-1810",
  "lastModified": "2024-11-21T05:11:25.460",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-09T18:15:10.593",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-rsa-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-rsa-en"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-327"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.