CVE-2017-8157 - OpenCVE

OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive information.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	Oceanstor 5800 V3 Firmware Oceanstor 6900 V3 Firmware Oceanstor 6900 V3 Oceanstor 5800 V3

Configuration 1 [-]

AND

OR	cpe:2.3:o:huawei:oceanstor_5800_v3_firmware:v300r002c00:::::::*
	cpe:2.3:o:huawei:oceanstor_5800_v3_firmware:v300r002c10:::::::*

cpe:2.3:h:huawei:oceanstor_5800_v3:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:oceanstor_6900_v3_firmware:v300r001c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_6900_v3:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-oceanstor-en	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2017-11-15T00:00:00

Updated: 2017-11-22T18:57:01

Reserved: 2017-04-25T00:00:00

Link: CVE-2017-8157

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-11-22T19:29:03.617

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-8157

JSON object: View

Redhat Information

No data.

CWE

CWE-327

{"containers": {"cna": {"affected": [{"product": "OceanStor 5800 V3, OceanStor 6900 V3", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00"}]}], "datePublic": "2017-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive information."}], "problemTypes": [{"descriptions": [{"description": "information leakage", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-22T18:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-oceanstor-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "DATE_PUBLIC": "2017-11-15T00:00:00", "ID": "CVE-2017-8157", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OceanStor 5800 V3, OceanStor 6900 V3", "version": {"version_data": [{"version_value": "OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "information leakage"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-oceanstor-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-oceanstor-en"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-8157", "datePublished": "2017-11-15T00:00:00", "dateReserved": "2017-04-25T00:00:00", "dateUpdated": "2017-11-22T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:oceanstor_5800_v3_firmware:v300r002c00:*:*:*:*:*:*:*", "matchCriteriaId": "F238EE9F-FDA9-4A95-84DA-CE2A5E8D3F1B", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:oceanstor_5800_v3_firmware:v300r002c10:*:*:*:*:*:*:*", "matchCriteriaId": "7CC607F8-2E3C-4B6C-AA44-A3FD66644D93", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:oceanstor_5800_v3:-:*:*:*:*:*:*:*", "matchCriteriaId": "524A38D1-1A6A-4969-8DAB-D7A3809F0E62", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:oceanstor_6900_v3_firmware:v300r001c00:*:*:*:*:*:*:*", "matchCriteriaId": "3B3DCBCB-33A8-46E8-944C-3CFAE33BF390", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:oceanstor_6900_v3:-:*:*:*:*:*:*:*", "matchCriteriaId": "DFF2739C-77B6-48A9-AB95-4B4F9BF87F72", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive information."}, {"lang": "es", "value": "OceanStor 5800 V3 con software V300R002C00 y V300R002C10, OceanStor 6900 V3 V300R001C00 tiene una vulnerabilidad de fuga de informaci\u00f3n. Los productos utilizan TLS1.0 para cifrar. Los atacantes podr\u00edan explotar las vulnerabilidades del TLS1.0 para descifrar datos y as\u00ed obtener informaci\u00f3n sensible."}], "id": "CVE-2017-8157", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-22T19:29:03.617", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-oceanstor-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}]}