Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-6838

Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSH encryption algorithm.

Published

2016-09-07T19:28:15.537

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-200
CWE-310

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	rh1288_v3_server_firmware	v100r003c00	Yes
Operating System	huawei	rh2288_v3_server_firmware	v100r003c00	Yes
Operating System	huawei	x6800_v3_server_firmware	v100r003c00	Yes
Operating System	huawei	xh620_v3_server_firmware	v100r003c00	Yes
Hardware	huawei	rh1288_v3_server	-	No
Hardware	huawei	rh2288_v3_server	-	No
Hardware	huawei	x6800_v3_server	-	No
Hardware	huawei	xh620_v3_server	-	No
Operating System	huawei	ch121_v3_server_firmware	v100r001c00	Yes
Operating System	huawei	ch140_v3_server_firmware	v100r001c00	Yes
Operating System	huawei	ch220_v3_server_firmware	v100r001c00	Yes
Operating System	huawei	ch222_v3_server_firmware	v100r001c00	Yes
Operating System	huawei	ch226_v3_server_firmware	v100r001c00	Yes
Hardware	huawei	ch121_v3_server	-	No
Hardware	huawei	ch140_v3_server	-	No
Hardware	huawei	ch220_v3_server	-	No
Hardware	huawei	ch222_v3_server	-	No
Hardware	huawei	ch226_v3_server	-	No

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-02-server-en Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/92503 Third Party Advisory, VDB Entry ([email protected])
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-02-server-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/92503 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)