CVE-2016-6838

{"id": "CVE-2016-6838", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2016-09-07T19:28:15.537", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-02-server-en", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/92503", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSH encryption algorithm."}, {"lang": "es", "value": "Servidores Huawei X6800 y XH620 V3 con software en versiones anteriores a V100R003C00SPC606, servidores RH1288 V3 con software en versiones anteriores a V100R003C00SPC613, servidores RH2288 V3 con software en versiones anteriores a V100R003C00SPC617, CH140 V3 y servidores CH226 V3 con software en versiones anteriores a V100R001C00SPC122, servidores CH220 V3 con software en versiones anteriores a V100R001C00SPC201 y CH121 V3 y servidores CH222 V3 con software en versiones anteriores a V100R001C00SPC202 podr\u00eda permitir a atacantes remotos desencripar datos encriptados y, consecuentemente, obtener informaci\u00f3n sensible mediante el aprovechamiento de la selecci\u00f3n de un algoritmo de encriptaci\u00f3n SSH inseguro."}], "lastModified": "2016-09-09T03:15:13.700", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:rh1288_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE7DF842-021C-422A-BCE5-17BEE7FAA950"}, {"criteria": "cpe:2.3:o:huawei:rh2288_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93439764-5BA1-49B0-B337-5C2C62C3A962"}, {"criteria": "cpe:2.3:o:huawei:x6800_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7F6B581-FE72-4095-8383-FB67A4C3FBEB"}, {"criteria": "cpe:2.3:o:huawei:xh620_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5C5F600-30B6-4098-B0C5-E20A722957A9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:rh1288_v3_server:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CF7BCC07-7475-48F0-BF51-C86B8548AE62"}, {"criteria": "cpe:2.3:h:huawei:rh2288_v3_server:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "04129772-90A9-4FD1-935F-08EEF6D06A3B"}, {"criteria": "cpe:2.3:h:huawei:x6800_v3_server:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C267CC6A-1550-4F0F-BB94-D0558F3F12A3"}, {"criteria": "cpe:2.3:h:huawei:xh620_v3_server:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "51480E77-61B8-4F1B-8FAE-E4ADF3279999"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ch121_v3_server_firmware:v100r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13639C10-80F3-437D-87CF-02976FF2BAB1"}, {"criteria": "cpe:2.3:o:huawei:ch140_v3_server_firmware:v100r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A15B9ABF-817F-49C7-ABA3-AE676D1E9BFD"}, {"criteria": "cpe:2.3:o:huawei:ch220_v3_server_firmware:v100r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F63A8BB1-E030-4F35-AD31-7A01C06A8D11"}, {"criteria": "cpe:2.3:o:huawei:ch222_v3_server_firmware:v100r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DE7718E-9386-4782-ABCE-A41A5D31C154"}, {"criteria": "cpe:2.3:o:huawei:ch226_v3_server_firmware:v100r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB5B7609-8C03-4F11-BD16-9A246EFEDCBB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ch121_v3_server:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "520A5CF7-9A19-47BB-B48C-CD61CB00D18B"}, {"criteria": "cpe:2.3:h:huawei:ch140_v3_server:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F2896B32-695F-4B60-8761-E8C55F5C14CE"}, {"criteria": "cpe:2.3:h:huawei:ch220_v3_server:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EAD907B6-5ACC-4AF7-82C4-590A3AA7B97F"}, {"criteria": "cpe:2.3:h:huawei:ch222_v3_server:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2B2EB0E3-BB4E-414F-9588-79FF1140F991"}, {"criteria": "cpe:2.3:h:huawei:ch226_v3_server:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A6E8C67E-C5BB-47B4-8AEB-1AD35261E7CC"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}