CVE-2016-6838

Published Sep 7, 2016

Last updated 9 years ago

CVSS high 7.5

Overview

Description: Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSH encryption algorithm.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:rh1288_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE7DF842-021C-422A-BCE5-17BEE7FAA950"
          },
          {
            "criteria": "cpe:2.3:o:huawei:rh2288_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93439764-5BA1-49B0-B337-5C2C62C3A962"
          },
          {
            "criteria": "cpe:2.3:o:huawei:x6800_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7F6B581-FE72-4095-8383-FB67A4C3FBEB"
          },
          {
            "criteria": "cpe:2.3:o:huawei:xh620_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5C5F600-30B6-4098-B0C5-E20A722957A9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:rh1288_v3_server:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CF7BCC07-7475-48F0-BF51-C86B8548AE62"
          },
          {
            "criteria": "cpe:2.3:h:huawei:rh2288_v3_server:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "04129772-90A9-4FD1-935F-08EEF6D06A3B"
          },
          {
            "criteria": "cpe:2.3:h:huawei:x6800_v3_server:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C267CC6A-1550-4F0F-BB94-D0558F3F12A3"
          },
          {
            "criteria": "cpe:2.3:h:huawei:xh620_v3_server:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "51480E77-61B8-4F1B-8FAE-E4ADF3279999"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:ch121_v3_server_firmware:v100r001c00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13639C10-80F3-437D-87CF-02976FF2BAB1"
          },
          {
            "criteria": "cpe:2.3:o:huawei:ch140_v3_server_firmware:v100r001c00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A15B9ABF-817F-49C7-ABA3-AE676D1E9BFD"
          },
          {
            "criteria": "cpe:2.3:o:huawei:ch220_v3_server_firmware:v100r001c00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F63A8BB1-E030-4F35-AD31-7A01C06A8D11"
          },
          {
            "criteria": "cpe:2.3:o:huawei:ch222_v3_server_firmware:v100r001c00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DE7718E-9386-4782-ABCE-A41A5D31C154"
          },
          {
            "criteria": "cpe:2.3:o:huawei:ch226_v3_server_firmware:v100r001c00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB5B7609-8C03-4F11-BD16-9A246EFEDCBB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:ch121_v3_server:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "520A5CF7-9A19-47BB-B48C-CD61CB00D18B"
          },
          {
            "criteria": "cpe:2.3:h:huawei:ch140_v3_server:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F2896B32-695F-4B60-8761-E8C55F5C14CE"
          },
          {
            "criteria": "cpe:2.3:h:huawei:ch220_v3_server:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EAD907B6-5ACC-4AF7-82C4-590A3AA7B97F"
          },
          {
            "criteria": "cpe:2.3:h:huawei:ch222_v3_server:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2B2EB0E3-BB4E-414F-9588-79FF1140F991"
          },
          {
            "criteria": "cpe:2.3:h:huawei:ch226_v3_server:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A6E8C67E-C5BB-47B4-8AEB-1AD35261E7CC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References