CVE-2017-15326 - OpenCVE

DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Dbs3900 Tdd Lte Dbs3900 Tdd Lte Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:huawei:dbs3900_tdd_lte_firmware:v100r003c00:::::::*
	cpe:2.3:o:huawei:dbs3900_tdd_lte_firmware:v100r004c10:::::::*

cpe:2.3:h:huawei:dbs3900_tdd_lte:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2018-03-23T16:00:00Z

Updated: 2024-09-16T20:53:07.931Z

Reserved: 2017-10-14T00:00:00

Link: CVE-2017-15326

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-03-23T16:29:00.177

Modified: 2018-04-19T14:04:00.303

Link: CVE-2017-15326

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "DBS3900 TDD LTE", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "V100R003C00, V100R004C10"}]}], "datePublic": "2018-03-21T00:00:00", "descriptions": [{"lang": "en", "value": "DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage."}], "problemTypes": [{"descriptions": [{"description": "weak encryption algorithm", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-23T15:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "DATE_PUBLIC": "2018-03-21T00:00:00", "ID": "CVE-2017-15326", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "DBS3900 TDD LTE", "version": {"version_data": [{"version_value": "V100R003C00, V100R004C10"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "weak encryption algorithm"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:50:16.571Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-15326", "datePublished": "2018-03-23T16:00:00Z", "dateReserved": "2017-10-14T00:00:00", "dateUpdated": "2024-09-16T20:53:07.931Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:dbs3900_tdd_lte_firmware:v100r003c00:*:*:*:*:*:*:*", "matchCriteriaId": "403CCA52-CB4F-4ABC-B7CF-4FAD9E12E1CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:dbs3900_tdd_lte_firmware:v100r004c10:*:*:*:*:*:*:*", "matchCriteriaId": "FFAB4847-06F9-4A7C-9CFD-99DC7635166E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:dbs3900_tdd_lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "03FCC014-251D-4BE8-A43E-01456A28AEEC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage."}, {"lang": "es", "value": "DBS3900 LTE TDD versiones V100R003C00 y V100R004C10 tiene una vulnerabilidad de seguridad de algoritmo de cifrado d\u00e9bil. DBS3900 LTE TDD soporta la negociaci\u00f3n de protocolos SSL/TLS empleando algoritmos de cifrado inseguros. Si se negocia un algoritmo de cifrado inseguro en la comunicaci\u00f3n, un atacante remoto no autenticado puede explotar esta vulnerabilidad para descifrar los datos cifrados y provocar una fuga de informaci\u00f3n."}], "id": "CVE-2017-15326", "lastModified": "2018-04-19T14:04:00.303", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-23T16:29:00.177", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}]}