CVE-2016-6670
https://notcve.org/view.php?id=CVE-2016-6670
Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remote attackers to discover private keys by leveraging knowledge of a certificate. Dispositivos Huawei S7700, S9300, S9700 y S12700 con software en versiones anteriores a V200R008C00SPC500 utiliza números aleatorios con entropía insuficiente para generar certificados con auto-firma, lo que facilita a atacantes remotos descubrir claves privadas mediante el aprovechamiento del conocimiento un certificado. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-certificate-en http://www.securityfocus.com/bid/92438 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-8676
https://notcve.org/view.php?id=CVE-2015-8676
Memory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI, and S5300LI Campus series switches with software V200R001C00 before V200R001SPH018, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; S9300, S7700, and S9700 Campus series switches with software V200R001C00 before V200R001SPH023, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote attackers to cause a denial of service (memory consumption and reboot) via a large number of ICMPv6 packets. Fuga de memoria en switches Huawei de la serie Campus S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI y S5300LI con software V200R001C00 en versiones anteriores a V200R001SPH018, V200R002C00 en versiones anteriores a V200R003SPH011 y V200R003C00 en versiones anteriores a V200R003SPH011; switches de la serie Campus S9300, S7700 y S9700 con software V200R001C00 en versiones anteriores a V200R001SPH023, V200R002C00 en versiones anteriores a V200R003SPH011 y V200R003C00 en versiones anteriores a V200R003SPH011; y switches de la serie Campus S2300 y S3300 con software V100R006C05 en versiones anteriores a V100R006SPH022 permite a atacantes remotos causar una denegación de servicio (consumo de memoria y reinicio) a través de un gran número de paquetes ICMPv6. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-02-switch-en • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-399: Resource Management Errors •
CVE-2015-8677
https://notcve.org/view.php?id=CVE-2015-8677
Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH008, and V200R006C00 before V200R006SPH002; S9300, S7700, and S9700 Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH009, and V200R006C00 before V200R006SPH003; S5720HI and S5720EI Campus series switches with software V200R006C00 before V200R006SPH002; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote authenticated users to cause a denial of service (memory consumption and device restart) by logging in and out of the (1) HTTPS or (2) SFTP server, related to SSL session information. Fuga de memoria en switches Huawei de la serie Campus S5300EI, S5300SI, S5310HI y S6300EI con software V200R003C00 en versiones anteriores a V200R003SPH011 y V200R005C00 en versiones anteriores a V200R005SPH008; switches de la serie Campus S2350EI y S5300LI con software V200R003C00 en versiones anteriores a V200R003SPH011, V200R005C00 en versiones anteriores a V200R005SPH008 y V200R006C00 en versiones anteriores a V200R006SPH002; switches de la serie Campus S9300, S7700 y S9700 con software V200R003C00 en versiones anteriores a V200R003SPH011, V200R005C00 en versiones anteriores a V200R005SPH009 y V200R006C00 en versiones anteriores a V200R006SPH003; switches de la serie Campus S5720HI y S5720EI con software V200R006C00 en versiones anteriores a V200R006SPH002; y switches de la serie Campus S2300 y S3300 con software V100R006C05 en versiones anteriores a V100R006SPH022 permite a usuarios remotos autenticados causar una denegación de servicio (consumo de memoria y reinicio de dispositivo) iniciando sesión y cerrándola en el servidor (1) HTTPS o (2) SFTP, relacionada con la información de sesión SSL. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-03-switch-en • CWE-399: Resource Management Errors •
CVE-2016-3678
https://notcve.org/view.php?id=CVE-2016-3678
Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted traffic. Switches Huawei Quidway S9700, S5700, S5300, S9300 y S7700 con software en versiones anteriores a V200R003SPH012 permite a atacantes remotos provocar una denegación de servicio (reinicio de switch) a través de tráfico manipulado. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160330-01-switch-en • CWE-20: Improper Input Validation •
CVE-2015-2808 – SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
https://notcve.org/view.php?id=CVE-2015-2808
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. El algoritmo RC4, utilizado en el protocolo TLS y el protocolo SSL, no combina correctamente los datos de estados con los datos de claves durante la fase de inicialización, lo que facilita a atacantes remotos realizar ataques de recuperación de texto claro contra los bytes iniciales de un flujo mediante la captura de trafico de la red que ocasionalmente depende de claves afectadas por la debilidad de la invariabilidad (Invariance Weakness), y posteriormente utilizar un acercamiento de fuerza bruta que involucra valores LSB, también conocido como el problema de 'Bar Mitzvah'. • http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •