CVE-2017-8157 — MEDIUM (5.9)

Vulnerability Description

OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive information.

CVSS Score

5.9

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Huawei	Oceanstor 5800 V3 Firmware	v300r002c00
Huawei	Oceanstor 5800 V3	-
Huawei	Oceanstor 6900 V3 Firmware	v300r001c00
Huawei	Oceanstor 6900 V3	-

Related Weaknesses (CWE)

CWE-327

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-oceanstVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-oceanstVendor Advisory

FAQ

What is CVE-2017-8157?

CVE-2017-8157 is a vulnerability with a CVSS score of 5.9 (MEDIUM). OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vuln...

How severe is CVE-2017-8157?

CVE-2017-8157 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-8157?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Oceanstor 5800 V3 Firmware, Huawei Oceanstor 5800 V3, Huawei Oceanstor 6900 V3 Firmware, Huawei Oceanstor 6900 V3.