TLS Cipher Suites Vulnerability in Huawei eSpace Products
CVE-2018-7958

7.4HIGH

Key Information:

Vendor: McAfee
Status: Espace 7950
Vendor: CVE Published:; 27 November 2018

Summary

A vulnerability exists in Huawei's eSpace products due to the support of anonymous TLS cipher suites. This flaw allows unauthorized remote attackers to execute man-in-the-middle attacks, intercepting and potentially tampering with the data during the user's login process. The insufficient authentication mechanisms in place make it possible for attackers to hijack user connections, posing significant security risks for sensitive information exchanges.

Affected Version(s)

eSpace 7950 V200R003C30

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 27, 2018
Vulnerability Reserved
Mar 9, 2018