Vulnerabilites related to Huawei Technologies Co., Ltd. - eSpace 7950
cve-2018-7960
Vulnerability from cvelistv5
Published
2018-11-27 22:00
Modified
2024-08-05 06:37
Severity ?
Summary
There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause sensitive information leak.
Impacted products
Vendor Product Version
Huawei Technologies Co., Ltd. eSpace 7950 Version: V200R003C30
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T06:37:59.756Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "eSpace 7950",
               vendor: "Huawei Technologies Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "V200R003C30",
                  },
               ],
            },
         ],
         datePublic: "2018-11-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause sensitive information leak.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "information leakage",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-11-27T21:57:01",
            orgId: "25ac1063-e409-4190-8079-24548c77ea2e",
            shortName: "huawei",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@huawei.com",
               ID: "CVE-2018-7960",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "eSpace 7950",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "V200R003C30",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Huawei Technologies Co., Ltd.",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause sensitive information leak.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "information leakage",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en",
                     refsource: "CONFIRM",
                     url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "25ac1063-e409-4190-8079-24548c77ea2e",
      assignerShortName: "huawei",
      cveId: "CVE-2018-7960",
      datePublished: "2018-11-27T22:00:00",
      dateReserved: "2018-03-09T00:00:00",
      dateUpdated: "2024-08-05T06:37:59.756Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-7958
Vulnerability from cvelistv5
Published
2018-11-27 22:00
Modified
2024-08-05 06:37
Severity ?
Summary
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited to intercept and tamper with the data information.
Impacted products
Vendor Product Version
Huawei Technologies Co., Ltd. eSpace 7950 Version: V200R003C30
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T06:37:59.643Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-espace-en",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "eSpace 7950",
               vendor: "Huawei Technologies Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "V200R003C30",
                  },
               ],
            },
         ],
         datePublic: "2018-11-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited to intercept and tamper with the data information.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "anonymous TLS cipher suites supported",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-11-27T21:57:01",
            orgId: "25ac1063-e409-4190-8079-24548c77ea2e",
            shortName: "huawei",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-espace-en",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@huawei.com",
               ID: "CVE-2018-7958",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "eSpace 7950",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "V200R003C30",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Huawei Technologies Co., Ltd.",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited to intercept and tamper with the data information.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "anonymous TLS cipher suites supported",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-espace-en",
                     refsource: "CONFIRM",
                     url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-espace-en",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "25ac1063-e409-4190-8079-24548c77ea2e",
      assignerShortName: "huawei",
      cveId: "CVE-2018-7958",
      datePublished: "2018-11-27T22:00:00",
      dateReserved: "2018-03-09T00:00:00",
      dateUpdated: "2024-08-05T06:37:59.643Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-7959
Vulnerability from cvelistv5
Published
2018-11-27 22:00
Modified
2024-08-05 06:37
Severity ?
Summary
There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak.
Impacted products
Vendor Product Version
Huawei Technologies Co., Ltd. eSpace 7950 Version: V200R003C30
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T06:37:59.691Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "eSpace 7950",
               vendor: "Huawei Technologies Co., Ltd.",
               versions: [
                  {
                     status: "affected",
                     version: "V200R003C30",
                  },
               ],
            },
         ],
         datePublic: "2018-11-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "information leakage",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-11-27T21:57:01",
            orgId: "25ac1063-e409-4190-8079-24548c77ea2e",
            shortName: "huawei",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@huawei.com",
               ID: "CVE-2018-7959",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "eSpace 7950",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "V200R003C30",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Huawei Technologies Co., Ltd.",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "information leakage",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en",
                     refsource: "CONFIRM",
                     url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "25ac1063-e409-4190-8079-24548c77ea2e",
      assignerShortName: "huawei",
      cveId: "CVE-2018-7959",
      datePublished: "2018-11-27T22:00:00",
      dateReserved: "2018-03-09T00:00:00",
      dateUpdated: "2024-08-05T06:37:59.691Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}