Details of VAR-201609-0561

ID

VAR-201609-0561

CVE

CVE-2016-6899

TITLE

plural Huawei Product Intelligent Baseboard Management Controller Vulnerable to decrypting encrypted data

Trust: 0.8

sources: JVNDB: JVNDB-2016-004565

DESCRIPTION

The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers with software before V100R003C00SPC515, RH5885 V3 servers with software before V100R003C10SPC102, and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSL encryption algorithm. plural Huawei Product Intelligent Baseboard Management Controller (iBMC) Contains a vulnerability that can decrypt encrypted data and, as a result, retrieve important information.Unsafe by a third party SSL By using the choice of encryption algorithm, the encrypted data can be decrypted and as a result, important information can be obtained. HuaweiRH1288 and other servers are Huawei's servers in China. An insecure encryption algorithm vulnerability exists in several Huawei products. A remote attacker can exploit this vulnerability to obtain sensitive information. Huawei Servers are prone to a security weakness. The following products and versions are affected: The following products and versions are affected: Huawei RH1288 V3 V100R003C00SPC613 previous version, RH2288 V3 V100R003C00SPC617 previous version, RH2288H V3 V100R003C00SPC515 previous version, RH5885 V3 V100R003C10SPC102 previous version, XH620 V3 , XH622 V3 , XH628 Versions earlier than V3 V100R003C00SPC610

Trust: 2.52

sources: NVD: CVE-2016-6899 // JVNDB: JVNDB-2016-004565 // CNVD: CNVD-2016-06758 // BID: 92623 // VULHUB: VHN-95719

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-06758

AFFECTED PRODUCTS

vendor:	huawei	model:	xh628 v3 server	scope:	eq	version:	v100r003c00	Trust: 1.6
vendor:	huawei	model:	rh5885 v3 server	scope:	eq	version:	v100r003c01	Trust: 1.6
vendor:	huawei	model:	rh2288 v3 server	scope:	eq	version:	v100r003c00	Trust: 1.6
vendor:	huawei	model:	xh622 v3 server	scope:	eq	version:	v100r003c00	Trust: 1.6
vendor:	huawei	model:	rh1288 v3 server	scope:	eq	version:	v100r003c00	Trust: 1.6
vendor:	huawei	model:	rh2288h v3 server	scope:	eq	version:	v100r003c00	Trust: 1.6
vendor:	huawei	model:	xh620 v3 server	scope:	eq	version:	v100r003c00	Trust: 1.6
vendor:	huawei	model:	rh1288 v100r003c00	scope:	eq	version:	v3	Trust: 0.9
vendor:	huawei	model:	rh2288 v100r003c00	scope:	eq	version:	v3	Trust: 0.9
vendor:	huawei	model:	rh2288h v100r003c00	scope:	eq	version:	v3	Trust: 0.9
vendor:	huawei	model:	xh620 v100r003c00	scope:	eq	version:	v3	Trust: 0.9
vendor:	huawei	model:	xh622 v100r003c00	scope:	eq	version:	v3	Trust: 0.9
vendor:	huawei	model:	xh628 v100r003c00	scope:	eq	version:	v3	Trust: 0.9
vendor:	huawei	model:	rh5885 v100r003c01	scope:	eq	version:	v3	Trust: 0.9
vendor:	huawei	model:	rh1288 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	rh1288 v3	scope:	lt	version:	v100r003c00spc613	Trust: 0.8
vendor:	huawei	model:	rh2288 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	rh2288 v3	scope:	lt	version:	v100r003c00spc617	Trust: 0.8
vendor:	huawei	model:	rh2288h v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	rh2288h v3	scope:	lt	version:	v100r003c00spc515	Trust: 0.8
vendor:	huawei	model:	rh5885 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	rh5885 v3	scope:	lt	version:	v100r003c10spc102	Trust: 0.8
vendor:	huawei	model:	xh620 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	xh620 v3	scope:	lt	version:	v100r003c00spc610	Trust: 0.8
vendor:	huawei	model:	xh622 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	xh622 v3	scope:	lt	version:	v100r003c00spc610	Trust: 0.8
vendor:	huawei	model:	xh628 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	xh628 v3	scope:	lt	version:	v100r003c00spc610	Trust: 0.8
vendor:	huawei	model:	xh628 v100r003c00spc610	scope:	ne	version:	v3	Trust: 0.3
vendor:	huawei	model:	xh622 v100r003c00spc610	scope:	ne	version:	v3	Trust: 0.3
vendor:	huawei	model:	xh620 v100r003c00spc610	scope:	ne	version:	v3	Trust: 0.3
vendor:	huawei	model:	rh5885 v100r003c10spc102	scope:	ne	version:	v3	Trust: 0.3
vendor:	huawei	model:	rh2288h v100r003c00spc515	scope:	ne	version:	v3	Trust: 0.3
vendor:	huawei	model:	rh2288 v100r003c00spc617	scope:	ne	version:	v3	Trust: 0.3
vendor:	huawei	model:	rh1288 v100r003c00spc613	scope:	ne	version:	v3	Trust: 0.3

sources: CNVD: CNVD-2016-06758 // BID: 92623 // JVNDB: JVNDB-2016-004565 // CNNVD: CNNVD-201608-452 // NVD: CVE-2016-6899

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-6899
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-6899
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-06758
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201608-452
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-95719
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-6899
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-06758
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-95719
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-6899
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-06758 // VULHUB: VHN-95719 // JVNDB: JVNDB-2016-004565 // CNNVD: CNNVD-201608-452 // NVD: CVE-2016-6899

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.9
problemtype:	CWE-310	Trust: 1.9

sources: VULHUB: VHN-95719 // JVNDB: JVNDB-2016-004565 // NVD: CVE-2016-6899

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-452

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201608-452

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004565

PATCH

title:	huawei-sa-20160824-02-server	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-server-en	Trust: 0.8
title:	Patches for multiple Huawei product insecure encryption algorithm vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/80772	Trust: 0.6
title:	Multiple Huawei Repair measures for product insecure encryption algorithm vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63775	Trust: 0.6

sources: CNVD: CNVD-2016-06758 // JVNDB: JVNDB-2016-004565 // CNNVD: CNNVD-201608-452

EXTERNAL IDS

db:	NVD	id:	CVE-2016-6899	Trust: 3.4
db:	BID	id:	92623	Trust: 2.6
db:	JVNDB	id:	JVNDB-2016-004565	Trust: 0.8
db:	CNNVD	id:	CNNVD-201608-452	Trust: 0.7
db:	CNVD	id:	CNVD-2016-06758	Trust: 0.6
db:	VULHUB	id:	VHN-95719	Trust: 0.1

sources: CNVD: CNVD-2016-06758 // VULHUB: VHN-95719 // BID: 92623 // JVNDB: JVNDB-2016-004565 // CNNVD: CNNVD-201608-452 // NVD: CVE-2016-6899

REFERENCES

url:	http://www.securityfocus.com/bid/92623	Trust: 2.3
url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-server-en	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6899	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6899	Trust: 0.8
url:	http://www.huawei.com	Trust: 0.3
url:	http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-02-server-en	Trust: 0.3

sources: CNVD: CNVD-2016-06758 // VULHUB: VHN-95719 // BID: 92623 // JVNDB: JVNDB-2016-004565 // CNNVD: CNNVD-201608-452 // NVD: CVE-2016-6899

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 92623

SOURCES

db:	CNVD	id:	CNVD-2016-06758
db:	VULHUB	id:	VHN-95719
db:	BID	id:	92623
db:	JVNDB	id:	JVNDB-2016-004565
db:	CNNVD	id:	CNNVD-201608-452
db:	NVD	id:	CVE-2016-6899

LAST UPDATE DATE

2025-04-13T23:41:17.039000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-06758	date:	2016-08-26T00:00:00
db:	VULHUB	id:	VHN-95719	date:	2016-09-08T00:00:00
db:	BID	id:	92623	date:	2016-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2016-004565	date:	2016-09-09T00:00:00
db:	CNNVD	id:	CNNVD-201608-452	date:	2016-09-08T00:00:00
db:	NVD	id:	CVE-2016-6899	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-06758	date:	2016-08-26T00:00:00
db:	VULHUB	id:	VHN-95719	date:	2016-09-07T00:00:00
db:	BID	id:	92623	date:	2016-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2016-004565	date:	2016-09-09T00:00:00
db:	CNNVD	id:	CNNVD-201608-452	date:	2016-08-25T00:00:00
db:	NVD	id:	CVE-2016-6899	date:	2016-09-07T19:28:20.443