CVE-2018-7958
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited to intercept and tamper with the data information.
Hay una vulnerabilidad de suites de cifrado TLS anónimas soportadas en el producto Huawei eSpace. Un atacante remoto no autenticado lanza un ataque Man-in-the-Middle (MitM) para secuestrar la conexión desde un cliente cuando el usuario inicia sesión para conectarse mediante TLS. Debido a la autenticación insuficiente, esto podría explotarse para interceptar y manipular la información de los datos.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-03-09 CVE Reserved
- 2018-11-27 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-espace-en | 2018-12-20 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Huawei Search vendor "Huawei" | Espace 7950 Firmware Search vendor "Huawei" for product "Espace 7950 Firmware" | v200r003c30 Search vendor "Huawei" for product "Espace 7950 Firmware" and version "v200r003c30" | - |
Affected
| in | Huawei Search vendor "Huawei" | Espace 7950 Search vendor "Huawei" for product "Espace 7950" | - | - |
Safe
|