Lucene search

[email protected]CVE-2020-1810

HistoryJan 09, 2020 - 6:15 p.m.

CVE-2020-1810

2020-01-0918:15:10

CWE-327

[email protected]

web.nvd.nist.gov

huawei

rsa algorithm

ssl key exchange

weak algorithm

vulnerability

information leak

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.0%

JSON

There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information.

Affected configurations

NVD

Node

huaweicloudengine_12800_firmwareMatchv100r003c00spc600

huaweicloudengine_12800_firmwareMatchv100r003c10spc100

huaweicloudengine_12800_firmwareMatchv100r005c00spc200

huaweicloudengine_12800_firmwareMatchv100r005c00spc300

huaweicloudengine_12800_firmwareMatchv100r005c10hp0001

huaweicloudengine_12800_firmwareMatchv100r005c10spc100

huaweicloudengine_12800_firmwareMatchv100r005c10spc200

huaweicloudengine_12800_firmwareMatchv100r006c00

huaweicloudengine_12800_firmwareMatchv200r001c00

huaweicloudengine_12800_firmwareMatchv200r002c01

huaweicloudengine_12800_firmwareMatchv200r002c10

huaweicloudengine_12800_firmwareMatchv200r002c20

huaweicloudengine_12800_firmwareMatchv200r005c10

AND

huaweicloudengine_12800Match-

Node

huaweis5700_firmwareMatchv200r005c00spc500

huaweis5700_firmwareMatchv200r005c03

huaweis5700_firmwareMatchv200r006c00spc100

huaweis5700_firmwareMatchv200r006c00spc300

huaweis5700_firmwareMatchv200r006c00spc500

huaweis5700_firmwareMatchv200r007c00spc100

huaweis5700_firmwareMatchv200r007c00spc500

AND

huaweis5700Match-

Node

huaweis6700_firmwareMatchv200r005c00spc500

huaweis6700_firmwareMatchv200r005c01

AND

huaweis6700Match-

CPENameOperatorVersion
huawei:cloudengine_12800_firmwarehuawei cloudengine 12800 firmwareeqv100r003c00spc600
huawei:cloudengine_12800_firmwarehuawei cloudengine 12800 firmwareeqv100r003c10spc100
huawei:cloudengine_12800_firmwarehuawei cloudengine 12800 firmwareeqv100r005c00spc200
huawei:cloudengine_12800_firmwarehuawei cloudengine 12800 firmwareeqv100r005c00spc300
huawei:cloudengine_12800_firmwarehuawei cloudengine 12800 firmwareeqv100r005c10hp0001
huawei:cloudengine_12800_firmwarehuawei cloudengine 12800 firmwareeqv100r005c10spc100
huawei:cloudengine_12800_firmwarehuawei cloudengine 12800 firmwareeqv100r005c10spc200
huawei:cloudengine_12800_firmwarehuawei cloudengine 12800 firmwareeqv100r006c00
huawei:cloudengine_12800_firmwarehuawei cloudengine 12800 firmwareeqv200r001c00
huawei:cloudengine_12800_firmwarehuawei cloudengine 12800 firmwareeqv200r002c01

CPE	Name	Operator	Version
huawei:cloudengine_12800_firmware	huawei cloudengine 12800 firmware	eq	v100r003c00spc600
huawei:cloudengine_12800_firmware	huawei cloudengine 12800 firmware	eq	v100r003c10spc100
huawei:cloudengine_12800_firmware	huawei cloudengine 12800 firmware	eq	v100r005c00spc200
huawei:cloudengine_12800_firmware	huawei cloudengine 12800 firmware	eq	v100r005c00spc300
huawei:cloudengine_12800_firmware	huawei cloudengine 12800 firmware	eq	v100r005c10hp0001
huawei:cloudengine_12800_firmware	huawei cloudengine 12800 firmware	eq	v100r005c10spc100
huawei:cloudengine_12800_firmware	huawei cloudengine 12800 firmware	eq	v100r005c10spc200
huawei:cloudengine_12800_firmware	huawei cloudengine 12800 firmware	eq	v100r006c00
huawei:cloudengine_12800_firmware	huawei cloudengine 12800 firmware	eq	v200r001c00
huawei:cloudengine_12800_firmware	huawei cloudengine 12800 firmware	eq	v200r002c01

Rows per page:

1-10 of 131

CNA Affected

[
  {
    "product": "CloudEngine 12800;S5700;S6700",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "V100R003C00SPC600,V100R003C10SPC100,V100R005C00SPC200,V100R005C00SPC300,V100R005C10HP0001,V100R005C10SPC100,V100R005C10SPC200,V100R006C00,V200R001C00,V200R002C01,V200R002C10,V200R002C20,V200R005C10"
      },
      {
        "status": "affected",
        "version": "V200R005C00SPC500,V200R005C03,V200R006C00SPC100,V200R006C00SPC300,V200R006C00SPC500,V200R007C00SPC100,V200R007C00SPC500"
      },
      {
        "status": "affected",
        "version": "V200R005C00SPC500,V200R005C01"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-rsa-en

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.0%

JSON

Related for CVE-2020-1810

prion1 cvelist1 openvas1 huawei1 nvd1