Security Advisory - Two Vulnerabilities in Huawei eSpace Product

There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak. (Vulnerability ID: HWPSIRT-2018-07153)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2018-7959.

There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause sensitive information leak. (Vulnerability ID: HWPSIRT-2018-07154)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2018-7960.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en

[

](<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-fusionsphere-en&gt;)