CVE-2016-6838 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSH encryption algorithm.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Huawei	Rh1288 V3 Server Firmware	v100r003c00
Huawei	Rh2288 V3 Server Firmware	v100r003c00
Huawei	X6800 V3 Server Firmware	v100r003c00
Huawei	Xh620 V3 Server Firmware	v100r003c00
Huawei	Rh1288 V3 Server	-
Huawei	Rh2288 V3 Server	-
Huawei	X6800 V3 Server	-
Huawei	Xh620 V3 Server	-
Huawei	Ch121 V3 Server Firmware	v100r001c00
Huawei	Ch140 V3 Server Firmware	v100r001c00
Huawei	Ch220 V3 Server Firmware	v100r001c00
Huawei	Ch222 V3 Server Firmware	v100r001c00
Huawei	Ch226 V3 Server Firmware	v100r001c00
Huawei	Ch121 V3 Server	-
Huawei	Ch140 V3 Server	-
Huawei	Ch220 V3 Server	-
Huawei	Ch222 V3 Server	-
Huawei	Ch226 V3 Server	-

Related Weaknesses (CWE)

CWE-310 CWE-200

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-02-server-Vendor Advisory
http://www.securityfocus.com/bid/92503Third Party AdvisoryVDB Entry
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-02-server-Vendor Advisory
http://www.securityfocus.com/bid/92503Third Party AdvisoryVDB Entry

FAQ

What is CVE-2016-6838?

CVE-2016-6838 is a vulnerability with a CVSS score of 7.5 (HIGH). Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 a...

How severe is CVE-2016-6838?

CVE-2016-6838 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-6838?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Rh1288 V3 Server Firmware, Huawei Rh2288 V3 Server Firmware, Huawei X6800 V3 Server Firmware, Huawei Xh620 V3 Server Firmware, Huawei Rh1288 V3 Server.