CVE-2017-8157

OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive information.

CVSS v3 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-oceanstor-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:huawei:oceanstor_5800_v3_firmware:v300r002c00:::::::*
	cpe:2.3:o:huawei:oceanstor_5800_v3_firmware:v300r002c10:::::::*

cpe:2.3:h:huawei:oceanstor_5800_v3:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:huawei:oceanstor_6900_v3_firmware:v300r001c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_6900_v3:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-11-22 19:29

Updated : 2023-12-10 12:15

NVD link : CVE-2017-8157

Mitre link : CVE-2017-8157

CVE.ORG link : CVE-2017-8157

JSON object : View

Products Affected

huawei

oceanstor_5800_v3
oceanstor_6900_v3_firmware
oceanstor_6900_v3
oceanstor_5800_v3_firmware

CWE

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

{"id": "CVE-2017-8157", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2017-11-22T19:29:03.617", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-oceanstor-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive information."}, {"lang": "es", "value": "OceanStor 5800 V3 con software V300R002C00 y V300R002C10, OceanStor 6900 V3 V300R001C00 tiene una vulnerabilidad de fuga de informaci\u00f3n. Los productos utilizan TLS1.0 para cifrar. Los atacantes podr\u00edan explotar las vulnerabilidades del TLS1.0 para descifrar datos y as\u00ed obtener informaci\u00f3n sensible."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:oceanstor_5800_v3_firmware:v300r002c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F238EE9F-FDA9-4A95-84DA-CE2A5E8D3F1B"}, {"criteria": "cpe:2.3:o:huawei:oceanstor_5800_v3_firmware:v300r002c10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CC607F8-2E3C-4B6C-AA44-A3FD66644D93"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:oceanstor_5800_v3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "524A38D1-1A6A-4969-8DAB-D7A3809F0E62"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:oceanstor_6900_v3_firmware:v300r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B3DCBCB-33A8-46E8-944C-3CFAE33BF390"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:oceanstor_6900_v3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DFF2739C-77B6-48A9-AB95-4B4F9BF87F72"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}