1. Home
  2. CVE Database
  3. CVE-2016-6899
HIGH · 7.5

CVE-2016-6899

The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers ...

Vulnerability Description

The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers with software before V100R003C00SPC515, RH5885 V3 servers with software before V100R003C10SPC102, and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSL encryption algorithm.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
HuaweiRh5885 V3 Server Firmwarev100r003c01
HuaweiRh5885 V3 Server-
HuaweiRh1288 V3 Server Firmwarev100r003c00
HuaweiRh2288 V3 Server Firmwarev100r003c00
HuaweiRh2288H V3 Server Firmwarev100r003c00
HuaweiXh620 V3 Server Firmwarev100r003c00
HuaweiXh622 V3 Server Firmwarev100r003c00
HuaweiXh628 V3 Server Firmwarev100r003c00
HuaweiRh1288 V3 Server-
HuaweiRh2288 V3 Server-
HuaweiRh2288H V3 Server-
HuaweiXh620 V3 Server-
HuaweiXh622 V3 Server-
HuaweiXh628 V3 Server-

Related Weaknesses (CWE)

CWE-310CWE-200

References

FAQ

What is CVE-2016-6899?

CVE-2016-6899 is a vulnerability with a CVSS score of 7.5 (HIGH). The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers ...

How severe is CVE-2016-6899?

CVE-2016-6899 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-6899?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Rh5885 V3 Server Firmware, Huawei Rh5885 V3 Server, Huawei Rh1288 V3 Server Firmware, Huawei Rh2288 V3 Server Firmware, Huawei Rh2288H V3 Server Firmware.