CVE-2017-15326

Published: Mar 23, 2018Modified: Nov 21, 2024

4.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage.

Affected (2)

Products: Huawei: Dbs3900 Tdd Lte Firmware

1 product

Dbs3900 Tdd Lte Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Dbs3900 Tdd Lte Firmware	Version v100r003c00
Huawei Dbs3900 Tdd Lte Firmware	Version v100r004c10

Running on/with	Platform Versions
Huawei Dbs3900 Tdd Lte	All versions

Related CWEs

Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

References (2)

http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en

Source: psirt@huawei.com

Vendor Advisory

http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.