Details of VAR-201711-0994

ID

VAR-201711-0994

CVE

CVE-2017-8157

TITLE

OceanStor 5800 V3 and OceanStor 6900 V3 Software vulnerabilities related to cryptography

Trust: 0.8

sources: JVNDB: JVNDB-2017-010812

DESCRIPTION

OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive information. The Huawei OceanStor 5800 and the OceanStor 6900 are both Huawei's storage systems for mid- to high-end storage. The vulnerability is due to the transmission encryption of the product using TLS 1.0

Trust: 2.25

sources: NVD: CVE-2017-8157 // JVNDB: JVNDB-2017-010812 // CNVD: CNVD-2017-34439 // VULHUB: VHN-116360

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-34439

AFFECTED PRODUCTS

vendor:	huawei	model:	oceanstor 5800 v3	scope:	eq	version:	v300r002c00	Trust: 2.4
vendor:	huawei	model:	oceanstor 5800 v3	scope:	eq	version:	v300r002c10	Trust: 2.4
vendor:	huawei	model:	oceanstor 6900 v3	scope:	eq	version:	v300r001c00	Trust: 2.4
vendor:	huawei	model:	oceanstor v300r002c10	scope:	eq	version:	5800v3	Trust: 0.6
vendor:	huawei	model:	oceanstor v300r002c00	scope:	eq	version:	5800v3	Trust: 0.6
vendor:	huawei	model:	oceanstor v300r001c00	scope:	eq	version:	6900v3	Trust: 0.6

sources: CNVD: CNVD-2017-34439 // JVNDB: JVNDB-2017-010812 // CNNVD: CNNVD-201711-974 // NVD: CVE-2017-8157

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-8157
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-8157
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-34439
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201711-974
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-116360
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-8157
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-34439
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-116360
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-8157
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-34439 // VULHUB: VHN-116360 // JVNDB: JVNDB-2017-010812 // CNNVD: CNNVD-201711-974 // NVD: CVE-2017-8157

PROBLEMTYPE DATA

problemtype:	CWE-327	Trust: 1.1
problemtype:	CWE-310	Trust: 0.9

sources: VULHUB: VHN-116360 // JVNDB: JVNDB-2017-010812 // NVD: CVE-2017-8157

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-974

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201711-974

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010812

PATCH

title:	huawei-sa-20170920-01-oceanstor	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-oceanstor-en	Trust: 0.8
title:	HuaweiOceanStor Product Information Disclosure Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/106322	Trust: 0.6
title:	Huawei OceanStor 5800 V3 and OceanStor 6900 V3 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76684	Trust: 0.6

sources: CNVD: CNVD-2017-34439 // JVNDB: JVNDB-2017-010812 // CNNVD: CNNVD-201711-974

EXTERNAL IDS

db:	NVD	id:	CVE-2017-8157	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-010812	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-974	Trust: 0.7
db:	CNVD	id:	CNVD-2017-34439	Trust: 0.6
db:	VULHUB	id:	VHN-116360	Trust: 0.1

sources: CNVD: CNVD-2017-34439 // VULHUB: VHN-116360 // JVNDB: JVNDB-2017-010812 // CNNVD: CNNVD-201711-974 // NVD: CVE-2017-8157

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-oceanstor-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8157	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8157	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170920-01-oceanstor-cn	Trust: 0.6

sources: CNVD: CNVD-2017-34439 // VULHUB: VHN-116360 // JVNDB: JVNDB-2017-010812 // CNNVD: CNNVD-201711-974 // NVD: CVE-2017-8157

SOURCES

db:	CNVD	id:	CNVD-2017-34439
db:	VULHUB	id:	VHN-116360
db:	JVNDB	id:	JVNDB-2017-010812
db:	CNNVD	id:	CNNVD-201711-974
db:	NVD	id:	CVE-2017-8157

LAST UPDATE DATE

2025-04-20T23:15:50.539000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-34439	date:	2017-11-17T00:00:00
db:	VULHUB	id:	VHN-116360	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-010812	date:	2017-12-25T00:00:00
db:	CNNVD	id:	CNNVD-201711-974	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-8157	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-34439	date:	2017-11-17T00:00:00
db:	VULHUB	id:	VHN-116360	date:	2017-11-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-010812	date:	2017-12-25T00:00:00
db:	CNNVD	id:	CNNVD-201711-974	date:	2017-11-23T00:00:00
db:	NVD	id:	CVE-2017-8157	date:	2017-11-22T19:29:03.617