Weak Algorithm Vulnerability in Huawei Products Using RSA Algorithm
CVE-2020-1810

5.3MEDIUM

Key Information:

Vendor: Huawei
Status: Cloudengine 12800;s5700;s6700
Vendor: CVE Published:; 9 January 2020

What is CVE-2020-1810?

A weak algorithm vulnerability exists within various Huawei products that employ the RSA algorithm during the SSL key exchange process. The reliance on this outdated and insecure algorithm exposes affected products to potential exploitation. Attackers could leverage this vulnerability to extract sensitive information, putting user data and system integrity at risk. Organizations utilizing these products are advised to review their configurations and consider implementing stronger cryptographic algorithms to safeguard against potential breaches.

Affected Version(s)

CloudEngine 12800;S5700;S6700 V100R003C00SPC600,V100R003C10SPC100,V100R005C00SPC200,V100R005C00SPC300,V100R005C10HP0001,V100R005C10SPC100,V100R005C10SPC200,V100R006C00,V200R001C00,V200R002C01,V200R002C10,V200R002C20,V200R005C10

CloudEngine 12800;S5700;S6700 V200R005C00SPC500,V200R005C03,V200R006C00SPC100,V200R006C00SPC300,V200R006C00SPC500,V200R007C00SPC100,V200R007C00SPC500

CloudEngine 12800;S5700;S6700 V200R005C00SPC500,V200R005C01

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2020
Vulnerability Reserved
Nov 29, 2019

JSON