CVE-2018-5461 — MEDIUM (6.5)

Vulnerability Description

An Inadequate Encryption Strength issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An inadequate encryption strength vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Belden	Hirschmann Rs20-0900Mmm2Tdau	-
Belden	Hirschmann Rs20-0900Nnm4Tdau	-
Belden	Hirschmann Rs20-0900Vvm2Tdau	-
Belden	Hirschmann Rs20-1600L2L2Sdau	-
Belden	Hirschmann Rs20-1600L2M2Sdau	-
Belden	Hirschmann Rs20-1600L2S2Sdau	-
Belden	Hirschmann Rs20-1600L2T1Sdau	-
Belden	Hirschmann Rs20-1600M2M2Sdau	-
Belden	Hirschmann Rs20-1600M2T1Sdau	-
Belden	Hirschmann Rs20-1600S2M2Sdau	-
Belden	Hirschmann Rs20-1600S2S2Sdau	-
Belden	Hirschmann Rs20-1600S2T1Sdau	-
Belden	Hirschmann Rsr20	-
Belden	Hirschmann Rsr30	-
Belden	Hirschmann Rsb20-0800M2M2Saab	-
Belden	Hirschmann Rsb20-0800M2M2Saabe	-
Belden	Hirschmann Rsb20-0800M2M2Taab	-
Belden	Hirschmann Rsb20-0800M2M2Taabe	-
Belden	Hirschmann Rsb20-0800S2S2Saab	-
Belden	Hirschmann Rsb20-0800S2S2Saabe	-

Related Weaknesses (CWE)

CWE-326

References

http://www.securityfocus.com/bid/103340Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01MitigationThird Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/103340Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01MitigationThird Party AdvisoryUS Government Resource

FAQ

What is CVE-2018-5461?

CVE-2018-5461 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An Inadequate Encryption Strength issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An inadequate encryption strength vuln...

How severe is CVE-2018-5461?

CVE-2018-5461 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-5461?

Check the references section above for vendor advisories and patch information. Affected products include: Belden Hirschmann Rs20-0900Mmm2Tdau, Belden Hirschmann Rs20-0900Nnm4Tdau, Belden Hirschmann Rs20-0900Vvm2Tdau, Belden Hirschmann Rs20-1600L2L2Sdau, Belden Hirschmann Rs20-1600L2M2Sdau.