Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-6899

The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers with software before V100R003C00SPC515, RH5885 V3 servers with software before V100R003C10SPC102, and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSL encryption algorithm.

Published

2016-09-07T19:28:20.443

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-200
    CWE-310
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System huawei rh5885_v3_server_firmware v100r003c01 Yes
Hardware huawei rh5885_v3_server - No
Operating System huawei rh1288_v3_server_firmware v100r003c00 Yes
Operating System huawei rh2288_v3_server_firmware v100r003c00 Yes
Operating System huawei rh2288h_v3_server_firmware v100r003c00 Yes
Operating System huawei xh620_v3_server_firmware v100r003c00 Yes
Operating System huawei xh622_v3_server_firmware v100r003c00 Yes
Operating System huawei xh628_v3_server_firmware v100r003c00 Yes
Hardware huawei rh1288_v3_server - No
Hardware huawei rh2288_v3_server - No
Hardware huawei rh2288h_v3_server - No
Hardware huawei xh620_v3_server - No
Hardware huawei xh622_v3_server - No
Hardware huawei xh628_v3_server - No
References