CVE-2017-8157 - Vulnerability Details - OpenCVE

OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive information.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Oceanstor 5800 V3 Oceanstor 5800 V3 Firmware Oceanstor 6900 V3 Oceanstor 6900 V3 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:huawei:oceanstor_5800_v3_firmware:v300r002c00:::::::*
	cpe:2.3:o:huawei:oceanstor_5800_v3_firmware:v300r002c10:::::::*

cpe:2.3:h:huawei:oceanstor_5800_v3:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:oceanstor_6900_v3_firmware:v300r001c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_6900_v3:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-oceanstor-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2017-11-22T19:00:00Z

Updated: 2024-09-16T18:55:14.643Z

Reserved: 2017-04-25T00:00:00

Link: CVE-2017-8157

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-11-22T19:29:03.617

Modified: 2024-11-21T03:33:26.087

Link: CVE-2017-8157

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "OceanStor 5800 V3, OceanStor 6900 V3", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00"}]}], "datePublic": "2017-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive information."}], "problemTypes": [{"descriptions": [{"description": "information leakage", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-22T18:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-oceanstor-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "DATE_PUBLIC": "2017-11-15T00:00:00", "ID": "CVE-2017-8157", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OceanStor 5800 V3, OceanStor 6900 V3", "version": {"version_data": [{"version_value": "OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "information leakage"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-oceanstor-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-oceanstor-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:27:22.887Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-oceanstor-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-8157", "datePublished": "2017-11-22T19:00:00Z", "dateReserved": "2017-04-25T00:00:00", "dateUpdated": "2024-09-16T18:55:14.643Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:oceanstor_5800_v3_firmware:v300r002c00:*:*:*:*:*:*:*", "matchCriteriaId": "F238EE9F-FDA9-4A95-84DA-CE2A5E8D3F1B", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:oceanstor_5800_v3_firmware:v300r002c10:*:*:*:*:*:*:*", "matchCriteriaId": "7CC607F8-2E3C-4B6C-AA44-A3FD66644D93", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:oceanstor_5800_v3:-:*:*:*:*:*:*:*", "matchCriteriaId": "524A38D1-1A6A-4969-8DAB-D7A3809F0E62", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:oceanstor_6900_v3_firmware:v300r001c00:*:*:*:*:*:*:*", "matchCriteriaId": "3B3DCBCB-33A8-46E8-944C-3CFAE33BF390", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:oceanstor_6900_v3:-:*:*:*:*:*:*:*", "matchCriteriaId": "DFF2739C-77B6-48A9-AB95-4B4F9BF87F72", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive information."}, {"lang": "es", "value": "OceanStor 5800 V3 con software V300R002C00 y V300R002C10, OceanStor 6900 V3 V300R001C00 tiene una vulnerabilidad de fuga de informaci\u00f3n. Los productos utilizan TLS1.0 para cifrar. Los atacantes podr\u00edan explotar las vulnerabilidades del TLS1.0 para descifrar datos y as\u00ed obtener informaci\u00f3n sensible."}], "id": "CVE-2017-8157", "lastModified": "2024-11-21T03:33:26.087", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-22T19:29:03.617", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-oceanstor-en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-oceanstor-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}]}