Remote Code Execution Vulnerability in Huawei Servers
CVE-2016-6838

7.5HIGH

Key Information:

Vendor: Huawei
Status: Rh1288 V3 Server Firmware; Rh2288 V3 Server Firmware; X6800 V3 Server Firmware; Xh620 V3 Server Firmware
Vendor: CVE Published:; 7 September 2016

Summary

Certain models of Huawei servers may allow remote attackers to exploit an insecure SSH encryption algorithm, potentially enabling the decryption of sensitive data. This vulnerability affects various server models running outdated software, emphasizing the importance of timely updates and security practices to safeguard against unauthorized data access.

References

http://www.securityfocus.com/bid/92503

vdb-entryx_refsource_BID

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 7, 2016
Vulnerability Reserved
Aug 18, 2016