Vulnerabilites related to Huawei Technologies Co., Ltd. - eSpace 7950
cve-2018-7960
Vulnerability from cvelistv5
Published
2018-11-27 22:00
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause sensitive information leak.
References
▼ | URL | Tags |
---|---|---|
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Huawei Technologies Co., Ltd. | eSpace 7950 |
Version: V200R003C30 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:37:59.756Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "eSpace 7950", vendor: "Huawei Technologies Co., Ltd.", versions: [ { status: "affected", version: "V200R003C30", }, ], }, ], datePublic: "2018-11-14T00:00:00", descriptions: [ { lang: "en", value: "There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause sensitive information leak.", }, ], problemTypes: [ { descriptions: [ { description: "information leakage", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-11-27T21:57:01", orgId: "25ac1063-e409-4190-8079-24548c77ea2e", shortName: "huawei", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@huawei.com", ID: "CVE-2018-7960", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "eSpace 7950", version: { version_data: [ { version_value: "V200R003C30", }, ], }, }, ], }, vendor_name: "Huawei Technologies Co., Ltd.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause sensitive information leak.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "information leakage", }, ], }, ], }, references: { reference_data: [ { name: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en", refsource: "CONFIRM", url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "25ac1063-e409-4190-8079-24548c77ea2e", assignerShortName: "huawei", cveId: "CVE-2018-7960", datePublished: "2018-11-27T22:00:00", dateReserved: "2018-03-09T00:00:00", dateUpdated: "2024-08-05T06:37:59.756Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-7958
Vulnerability from cvelistv5
Published
2018-11-27 22:00
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited to intercept and tamper with the data information.
References
▼ | URL | Tags |
---|---|---|
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-espace-en | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Huawei Technologies Co., Ltd. | eSpace 7950 |
Version: V200R003C30 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:37:59.643Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-espace-en", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "eSpace 7950", vendor: "Huawei Technologies Co., Ltd.", versions: [ { status: "affected", version: "V200R003C30", }, ], }, ], datePublic: "2018-11-14T00:00:00", descriptions: [ { lang: "en", value: "There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited to intercept and tamper with the data information.", }, ], problemTypes: [ { descriptions: [ { description: "anonymous TLS cipher suites supported", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-11-27T21:57:01", orgId: "25ac1063-e409-4190-8079-24548c77ea2e", shortName: "huawei", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-espace-en", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@huawei.com", ID: "CVE-2018-7958", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "eSpace 7950", version: { version_data: [ { version_value: "V200R003C30", }, ], }, }, ], }, vendor_name: "Huawei Technologies Co., Ltd.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited to intercept and tamper with the data information.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "anonymous TLS cipher suites supported", }, ], }, ], }, references: { reference_data: [ { name: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-espace-en", refsource: "CONFIRM", url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-espace-en", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "25ac1063-e409-4190-8079-24548c77ea2e", assignerShortName: "huawei", cveId: "CVE-2018-7958", datePublished: "2018-11-27T22:00:00", dateReserved: "2018-03-09T00:00:00", dateUpdated: "2024-08-05T06:37:59.643Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-7959
Vulnerability from cvelistv5
Published
2018-11-27 22:00
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak.
References
▼ | URL | Tags |
---|---|---|
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Huawei Technologies Co., Ltd. | eSpace 7950 |
Version: V200R003C30 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:37:59.691Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "eSpace 7950", vendor: "Huawei Technologies Co., Ltd.", versions: [ { status: "affected", version: "V200R003C30", }, ], }, ], datePublic: "2018-11-14T00:00:00", descriptions: [ { lang: "en", value: "There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak.", }, ], problemTypes: [ { descriptions: [ { description: "information leakage", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-11-27T21:57:01", orgId: "25ac1063-e409-4190-8079-24548c77ea2e", shortName: "huawei", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@huawei.com", ID: "CVE-2018-7959", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "eSpace 7950", version: { version_data: [ { version_value: "V200R003C30", }, ], }, }, ], }, vendor_name: "Huawei Technologies Co., Ltd.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "information leakage", }, ], }, ], }, references: { reference_data: [ { name: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en", refsource: "CONFIRM", url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "25ac1063-e409-4190-8079-24548c77ea2e", assignerShortName: "huawei", cveId: "CVE-2018-7959", datePublished: "2018-11-27T22:00:00", dateReserved: "2018-03-09T00:00:00", dateUpdated: "2024-08-05T06:37:59.691Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }