CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7958
https://notcve.org/view.php?id=CVE-2018-7958
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited to intercept and tamper with the data information. Hay una vulnerabilidad de suites de cifrado TLS anónimas soportadas en el producto Huawei eSpace. Un atacante remoto no autenticado lanza un ataque Man-in-the-Middle (MitM) para secuestrar la conexión desde un cliente cuando el usuario inicia sesión para conectarse mediante TLS. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-espace-en • CWE-287: Improper Authentication •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7959
https://notcve.org/view.php?id=CVE-2018-7959
There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak. Hay una vulnerabilidad de clave corta en el producto Huawei eSpace. Un atacante remoto no autenticado lanza un ataque Man-in-the-Middle (MitM) para interceptar y descifrar la información de llamada cuando el usuario habilita SRTP para realizar una llamada. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.9EPSS: 0%CPEs: 11EXPL: 0CVE-2017-17174
https://notcve.org/view.php?id=CVE-2017-17174
Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients and the affected products. The attacker may launch the Bleichenbacher attack on RSA key exchange to decrypt the session key and the previously captured sessions by some cryptanalytic operations. Successful exploit may cause information leak. Algunos productos Huawei RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30 y V200R003C50 tienen una vulnerabilidad de algoritmo débil. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180703-01-algorithm-en • CWE-310: Cryptographic Issues •
CVSS: 5.5EPSS: 0%CPEs: 33EXPL: 0CVE-2017-15323
https://notcve.org/view.php?id=CVE-2017-15323
Huawei DP300 V500R002C00, NIP6600 V500R001C00, V500R001C20, V500R001C30, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, TE60 V100R001C01, V100R001C10, V100R003C00, V500R002C00, V600R006C00, TP3106 V100R001C06, V100R002C00, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eCNS210_TD V100R004C10, eSpace U1981 V200R003C30 have a DoS vulnerability caused by memory exhaustion in some Huawei products. For lacking of adequate input validation, attackers can craft and send some malformed messages to the target device to exhaust the memory of the device and cause a Denial of Service (DoS). Huawei DP300 V500R002C00, NIP6600 V500R001C00, V500R001C20, V500R001C30, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, TE60 V100R001C01, V100R001C10, V100R003C00, V500R002C00, V600R006C00, TP3106 V100R001C06, V100R002C00, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eCNS210_TD V100R004C10 y eSpace U1981 V200R003C30 tienen una vulnerabilidad de denegación de servicio (DoS) provocada por el agotamiento de memoria en algunos productos Huawei. Dada la falta de validación de entradas adecuada, los atacantes pueden manipular y enviar mensajes mal formados al dispositivo objetivo para agotar su memoria y provocar una denegación de servicio (DoS). • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-pse-en • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-17223
https://notcve.org/view.php?id=CVE-2017-17223
Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 have a directory traversal vulnerability. An authenticated, remote attacker can craft specific URL to the affected products. Due to insufficient verification of the URL, successful exploit will upload and download files and cause information leak and system crash. Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30 y eSpace 8950 V200R003C00 y V200R003C30 tienen una vulnerabilidad de salto de directorio. Un atacante remoto autenticado podría manipular un archivo URL específicas en los productos afectados. • http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-02-espace-en • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •