Details of VAR-201609-0583

ID

VAR-201609-0583

CVE

CVE-2016-6838

TITLE

plural Huawei Vulnerability in server software to decrypt encrypted data

Trust: 0.8

sources: JVNDB: JVNDB-2016-004580

DESCRIPTION

Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSH encryption algorithm. plural Huawei Server software contains a vulnerability that can decrypt encrypted data and, as a result, retrieve important information.Insecure by third parties SSH By choosing an encryption algorithm, you may be able to decrypt the encrypted data and thereby obtain important information. The Huawei XH620 and X6800 are both server products of China's Huawei company. An information disclosure vulnerability exists in the HuaweiXH620 and X6800 that allows an attacker to exploit the vulnerability to obtain sensitive information or to initiate further attacks. Multiple Huawei Products are prone to an information-disclosure vulnerability. The following products and versions are affected: Huawei X6800 and H620 V3 V100R003C00SPC606 previous version, RH1288 V3 V100R003C00SPC613 previous version, RH2288 V3 V100R003C00SPC617 previous version, CH140 V3 and CH226 V3 V100R001C00SPC122 previous version, CH220 V3 V100R001C00SPC201 previous version, CH121 V3 and versions earlier than CH222 V3 V100R001C00SPC202

Trust: 2.52

sources: NVD: CVE-2016-6838 // JVNDB: JVNDB-2016-004580 // CNVD: CNVD-2016-07154 // BID: 92503 // VULHUB: VHN-95658

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-07154

AFFECTED PRODUCTS

vendor:	huawei	model:	ch140 v3 server	scope:	eq	version:	v100r001c00	Trust: 1.6
vendor:	huawei	model:	x6800 v3 server	scope:	eq	version:	v100r003c00	Trust: 1.6
vendor:	huawei	model:	ch220 v3 server	scope:	eq	version:	v100r001c00	Trust: 1.6
vendor:	huawei	model:	rh2288 v3 server	scope:	eq	version:	v100r003c00	Trust: 1.6
vendor:	huawei	model:	ch121 v3 server	scope:	eq	version:	v100r001c00	Trust: 1.6
vendor:	huawei	model:	rh1288 v3 server	scope:	eq	version:	v100r003c00	Trust: 1.6
vendor:	huawei	model:	ch226 v3 server	scope:	eq	version:	v100r001c00	Trust: 1.6
vendor:	huawei	model:	xh620 v3 server	scope:	eq	version:	v100r003c00	Trust: 1.6
vendor:	huawei	model:	ch222 v3 server	scope:	eq	version:	v100r001c00	Trust: 1.6
vendor:	huawei	model:	xh620 v100r003c00	scope:	eq	version:	v3	Trust: 0.9
vendor:	huawei	model:	v100r003c00	scope:	eq	version:	x6800	Trust: 0.9
vendor:	huawei	model:	ch121 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ch121 v3	scope:	lt	version:	v100r001c00spc202	Trust: 0.8
vendor:	huawei	model:	ch140 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ch140 v3	scope:	lt	version:	v100r001c00spc122	Trust: 0.8
vendor:	huawei	model:	ch220 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ch220 v3	scope:	lt	version:	v100r001c00spc201	Trust: 0.8
vendor:	huawei	model:	ch222 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ch222 v3	scope:	lt	version:	v100r001c00spc202	Trust: 0.8
vendor:	huawei	model:	ch226 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ch226 v3	scope:	lt	version:	v100r001c00spc122	Trust: 0.8
vendor:	huawei	model:	rh1288 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	rh1288 v3	scope:	lt	version:	v100r003c00spc613	Trust: 0.8
vendor:	huawei	model:	rh2288 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	rh2288 v3	scope:	lt	version:	v100r003c00spc617	Trust: 0.8
vendor:	huawei	model:	x6800	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	x6800	scope:	lt	version:	v100r003c00spc606	Trust: 0.8
vendor:	huawei	model:	xh620 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	xh620 v3	scope:	lt	version:	v100r003c00spc606	Trust: 0.8
vendor:	huawei	model:	xh620 v100r003c00spc606	scope:	ne	version:	v3	Trust: 0.3
vendor:	huawei	model:	v100r003c00spc606	scope:	ne	version:	x6800	Trust: 0.3

sources: CNVD: CNVD-2016-07154 // BID: 92503 // JVNDB: JVNDB-2016-004580 // CNNVD: CNNVD-201608-531 // NVD: CVE-2016-6838

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-6838
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-6838
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-07154
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201608-531
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-95658
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-6838
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-07154
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-95658
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-6838
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-07154 // VULHUB: VHN-95658 // JVNDB: JVNDB-2016-004580 // CNNVD: CNNVD-201608-531 // NVD: CVE-2016-6838

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.9
problemtype:	CWE-310	Trust: 1.9

sources: VULHUB: VHN-95658 // JVNDB: JVNDB-2016-004580 // NVD: CVE-2016-6838

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-531

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201608-531

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004580

PATCH

title:	huawei-sa-20160817-02-server	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-02-server-en	Trust: 0.8
title:	Patches for multiple Huawei product information disclosure vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/81095	Trust: 0.6
title:	Multiple Huawei Product information disclosure vulnerability repair measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63829	Trust: 0.6

sources: CNVD: CNVD-2016-07154 // JVNDB: JVNDB-2016-004580 // CNNVD: CNNVD-201608-531

EXTERNAL IDS

db:	NVD	id:	CVE-2016-6838	Trust: 3.4
db:	BID	id:	92503	Trust: 2.6
db:	JVNDB	id:	JVNDB-2016-004580	Trust: 0.8
db:	CNNVD	id:	CNNVD-201608-531	Trust: 0.7
db:	CNVD	id:	CNVD-2016-07154	Trust: 0.6
db:	VULHUB	id:	VHN-95658	Trust: 0.1

sources: CNVD: CNVD-2016-07154 // VULHUB: VHN-95658 // BID: 92503 // JVNDB: JVNDB-2016-004580 // CNNVD: CNNVD-201608-531 // NVD: CVE-2016-6838

REFERENCES

url:	http://www.securityfocus.com/bid/92503	Trust: 2.3
url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-02-server-en	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6838	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6838	Trust: 0.8
url:	http://www.huawei.com	Trust: 0.3
url:	http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160817-02-server-en	Trust: 0.3

sources: CNVD: CNVD-2016-07154 // VULHUB: VHN-95658 // BID: 92503 // JVNDB: JVNDB-2016-004580 // CNNVD: CNNVD-201608-531 // NVD: CVE-2016-6838

CREDITS

The vendor reported the issue.

Trust: 0.3

sources: BID: 92503

SOURCES

db:	CNVD	id:	CNVD-2016-07154
db:	VULHUB	id:	VHN-95658
db:	BID	id:	92503
db:	JVNDB	id:	JVNDB-2016-004580
db:	CNNVD	id:	CNNVD-201608-531
db:	NVD	id:	CVE-2016-6838

LAST UPDATE DATE

2025-04-13T23:21:05.945000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-07154	date:	2016-09-04T00:00:00
db:	VULHUB	id:	VHN-95658	date:	2016-09-09T00:00:00
db:	BID	id:	92503	date:	2016-08-31T20:00:00
db:	JVNDB	id:	JVNDB-2016-004580	date:	2016-09-12T00:00:00
db:	CNNVD	id:	CNNVD-201608-531	date:	2016-09-08T00:00:00
db:	NVD	id:	CVE-2016-6838	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-07154	date:	2016-09-04T00:00:00
db:	VULHUB	id:	VHN-95658	date:	2016-09-07T00:00:00
db:	BID	id:	92503	date:	2016-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2016-004580	date:	2016-09-12T00:00:00
db:	CNNVD	id:	CNNVD-201608-531	date:	2016-08-17T00:00:00
db:	NVD	id:	CVE-2016-6838	date:	2016-09-07T19:28:15.537