Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

VAR-201504-0247

Vulnerability from variot - Updated: 2024-07-23 20:58

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. RC4 is a stream encryption algorithm with variable key length developed by American software developer Ronald Rivest. The algorithm consists of a pseudo-random number generator and an XOR operation, and supports encryption and decryption using the same key. There is a security loophole in the RC4 algorithm used in the TLS protocol and the SSL protocol. The loophole stems from the fact that the program does not correctly combine state data and key data during the initialization phase. A remote attacker can exploit this vulnerability to perform a plaintext-recovery attack on the initialization bytes in the data stream by sniffing specific network traffic and then conducting a brute force attack. HP Service Manager Software versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2015-2808
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

  https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docI

d=emr_na-c01345499

RESOLUTION

HPE has made the following mitigation information available to resolve the vulnerability for the impacted versions of HPE Service Manager: https://softw aresupport.hpe.com/group/softwaresupport/search-result/-/facetsearch/document /KM01566352

For versions 9.30, 9.31, 9.32, 9.33, 9.34 please:

Upgrade to SM 9.35.P4 (recommended) or SM 9.34.P5

SM9.35 P4 package, SM 9.35 AIX Server 9.35.4001 p4

https://softwaresupport.hpe.com/km/KM02143332

SM 9.35 HP Itanium Server 9.35.4001 p4

https://softwaresupport.hpe.com/km/KM02143206

SM 9.35 HP Itanium Server for Oracle 12c 9.35.4001 p4

https://softwaresupport.hpe.com/km/KM02143388

SM 9.35 Linux Server 9.35.4001 p4

https://softwaresupport.hpe.com/km/KM02143530

SM 9.35 Solaris Server 9.35.4001 p4

https://softwaresupport.hpe.com/km/KM02143276

SM 9.35 Windows Server 9.35.4001 p4

https://softwaresupport.hpe.com/km/KM02143589

SM 9.34.P5 package, AIX Server 9.34.5003 p5

https://softwaresupport.hpe.com/km/KM02310304

HP Itanium Server 9.34.5003 p5

https://softwaresupport.hpe.com/km/KM02311066

Linux Server 9.34.5003 p5

https://softwaresupport.hpe.com/km/KM02310566

Solaris Server 9.34.5003 p5

https://softwaresupport.hpe.com/km/KM02311656

Windows Server 9.34.5003 p5

https://softwaresupport.hpe.com/km/KM02310486

For version 9.35 please:

Upgrade to SM 9.35.P4

SM9.35 P4 package, SM 9.35 AIX Server 9.35.4001 p4

https://softwaresupport.hpe.com/km/KM02143332

SM 9.35 HP Itanium Server 9.35.4001 p4

https://softwaresupport.hpe.com/km/KM02143206

SM 9.35 HP Itanium Server for Oracle 12c 9.35.4001 p4

https://softwaresupport.hpe.com/km/KM02143388

SM 9.35 Linux Server 9.35.4001 p4

https://softwaresupport.hpe.com/km/KM02143530

SM 9.35 Solaris Server 9.35.4001 p4

https://softwaresupport.hpe.com/km/KM02143276

SM 9.35 Windows Server 9.35.4001 p4

https://softwaresupport.hpe.com/km/KM02143589

For version 9.40 please:

Upgrade to SM 9.41.P3

SM9.41.P3 package, Service Manager 9.41.3016 p3 - Server for AIX

https://softwaresupport.hpe.com/km/KM02236813

Service Manager 9.41.3016 p3 - Server for HP-UX/IA

https://softwaresupport.hpe.com/km/KM02236897

Service Manager 9.41.3016 p3 - Server for Linux

https://softwaresupport.hpe.com/km/KM02236827

Service Manager 9.41.3016 p3 - Server for Solaris

https://softwaresupport.hpe.com/km/KM02236843

Service Manager 9.41.3016 p3 - Server for Windows

https://softwaresupport.hpe.com/km/KM02236929

HISTORY Version:1 (rev.1) - 1 July 2016 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04773004

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04773004 Version: 1

HPSBGN03405 rev.1 - HP Integration Adaptor, Remote Unauthorized Modification, Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-08-25 Last Updated: 2015-08-25

Potential Security Impact: Remote unauthorized modification, disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in HP Integration Adaptor.

The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification.
The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information.

References:

CVE-2015-4000 - "Logjam" CVE-2015-2808 - "Bar Mitzvah" SSRT102214

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Integration Adaptor v9.12.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2015-4000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-2808 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following mitigation information available to resolve the vulnerability for the impacted versions of HP Integration Adaptor.

Please consult HP Software Support Online (SSO):

https://softwaresupport.hp.com/group/softwaresupport/search-result/-/face

tsearch/document/KM01763510?lang=en&cc=us&hpappid=113963_OSP_PRO_HPE

HISTORY Version:1 (rev.1) - 25 August 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Customers unable to apply the update should contact HPE Support to discuss options. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: java-1.7.0-openjdk security update Advisory ID: RHSA-2015:1230-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1230.html Issue date: 2015-07-15 CVE Names: CVE-2015-2590 CVE-2015-2601 CVE-2015-2621 CVE-2015-2625 CVE-2015-2628 CVE-2015-2632 CVE-2015-2808 CVE-2015-4000 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 =====================================================================

Summary:

Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

Description:

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733)

A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid. (CVE-2015-4748)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. (CVE-2015-2601)

A flaw was found in the RC4 encryption algorithm. When using certain keys for RC4 encryption, an attacker could obtain portions of the plain text from the cipher text without the knowledge of the encryption key. (CVE-2015-2808)

Note: With this update, OpenJDK now disables RC4 SSL/TLS cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change.

A flaw was found in the way the TLS protocol composed the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. (CVE-2015-4000)

Note: This update forces the TLS/SSL client implementation in OpenJDK to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change.

It was discovered that the JNDI component in OpenJDK did not handle DNS resolutions correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution. (CVE-2015-4749)

Multiple information leak flaws were found in the JMX and 2D components in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632)

A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. (CVE-2015-2625)

All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

1207101 - CVE-2015-2808 SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher 1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks 1241965 - CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694) 1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865) 1242232 - CVE-2015-2628 OpenJDK: IIOPInputStream type confusion vulnerability (CORBA, 8076376) 1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397) 1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405) 1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409) 1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374) 1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853) 1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378) 1242394 - CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520) 1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715) 1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)

Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el5_11.src.rpm

i386: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el5_11.i386.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el5_11.i386.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el5_11.i386.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el5_11.i386.rpm java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el5_11.i386.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el5_11.i386.rpm

x86_64: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el5_11.src.rpm

i386: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el5_11.i386.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el5_11.i386.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el5_11.i386.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el5_11.i386.rpm java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el5_11.i386.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el5_11.i386.rpm

x86_64: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2015-2590 https://access.redhat.com/security/cve/CVE-2015-2601 https://access.redhat.com/security/cve/CVE-2015-2621 https://access.redhat.com/security/cve/CVE-2015-2625 https://access.redhat.com/security/cve/CVE-2015-2628 https://access.redhat.com/security/cve/CVE-2015-2632 https://access.redhat.com/security/cve/CVE-2015-2808 https://access.redhat.com/security/cve/CVE-2015-4000 https://access.redhat.com/security/cve/CVE-2015-4731 https://access.redhat.com/security/cve/CVE-2015-4732 https://access.redhat.com/security/cve/CVE-2015-4733 https://access.redhat.com/security/cve/CVE-2015-4748 https://access.redhat.com/security/cve/CVE-2015-4749 https://access.redhat.com/security/cve/CVE-2015-4760 https://access.redhat.com/security/updates/classification/#important https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c11 https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iD8DBQFVpljRXlSAg2UNWIIRAl93AJ0bTWDExJ3gT6Vf3jj7gLWm1931JQCfSHwy geoA6gBwA56Ep9ZcHnUCxAU= =qQgk -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

	URL	Tags
	cve@mitre.org	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194370.htm	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194370.htm	Vendor Advisory

Vendor	Product	Version
huawei	ar_18-1x	*
huawei	ar_18-2x	*
huawei	ar_18-3x	*
huawei	ar_19\/29\/49	*
huawei	ar_28\/46	*
huawei	s2000	r6305
huawei	s2300	r6305
huawei	s2700	r6305
huawei	s3000	r6305
huawei	s3300	r6305
huawei	s3300hi	r6305
huawei	s3500	r6305
huawei	s3700	r6305
huawei	s3900	r6305
huawei	s5100	r6305
huawei	s5600	r6305
huawei	s7800	r6305
huawei	s8500	r1631
huawei	s8500	r1632

URL	Tags
cret@cert.org	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194373.htm	Vendor Advisory
cret@cert.org	http://www.kb.cert.org/vuls/id/948096	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194373.htm	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/948096	US Government Resource

Vendor	Product	Version
huawei	acu	v100r003c01spc100
huawei	acu	v200r001c00
huawei	acu	v200r001c00spc100
huawei	ar_19\/29\/49	*
huawei	ar_g3	v200r001c00
huawei	ar_g3	v200r001c01
huawei	ar_g3	v200r002c00spc200
huawei	atn	v200r001c00
huawei	atn	v200r001c01
huawei	cx200	v100r005
huawei	cx300	v100r005
huawei	cx600	v200r002
huawei	cx600	v600r001
huawei	cx600	v600r002
huawei	cx600	v600r003
huawei	e200_usg2200	*
huawei	e200_usg5100	*
huawei	e200e-b	*
huawei	e200e-c	*
huawei	e200e-usg2100	*
huawei	e200e-x1	*
huawei	e200e-x2	*
huawei	e200x3	*
huawei	e200x5	*
huawei	e200x7	*
huawei	eudemon_8080e	*
huawei	eudemon_8160e	*
huawei	eudemon_usg5300	*
huawei	eudemon_usg5500	*
huawei	eudemon_usg9300	*
huawei	eudemon_usg9500	*
huawei	eudemon1000	*
huawei	eudemon1000e-u	*
huawei	eudemon1000e-x	*
huawei	eudemon100e	v200r007
huawei	eudemon200	v200r001
huawei	eudemon300	*
huawei	eudemon500	*
huawei	eudemon8000e-x	*
huawei	h3c_ar\(oem_in\)	*
huawei	ma5200g	v200r003
huawei	ma5200g	v300r003
huawei	me60	v100r005
huawei	me60	v100r006
huawei	me60	v600r002
huawei	me60	v600r003
huawei	me60	v600r005c00spc600
huawei	ne20	v200r005
huawei	ne20e-x6	v300r005
huawei	ne40	v300r005
huawei	ne40e	v300r005
huawei	ne40e	v600r001
huawei	ne40e\/80e	v600r002
huawei	ne40e\/80e	v600r003
huawei	ne5000e	v300r007
huawei	ne5000e	v800r002
huawei	ne80	v300r005
huawei	ne80e	v600r001
huawei	ne80e	v600r002
huawei	ne80e	v600r003
huawei	nip100	v100r001
huawei	nip1000	v100r001
huawei	nip200	v100r001
huawei	nip2100	v100r001c00
huawei	nip2200	v100r001c00
huawei	nip5100	v100r001c00
huawei	s2300	v100r002
huawei	s2300	v100r003
huawei	s2300	v100r005
huawei	s2300	v100r006
huawei	s2700	v100r006
huawei	s3300	v100r002
huawei	s3300	v100r003
huawei	s3300	v100r005
huawei	s3300	v100r006
huawei	s3300hi	v100r006
huawei	s3300hi	v200r001
huawei	s3700	v100r005
huawei	s3700	v100r006
huawei	s3700	v200r001
huawei	s5300	v100r002
huawei	s5300	v100r003
huawei	s5300	v100r005
huawei	s5300	v100r006
huawei	s5300hi	v100r006
huawei	s5300hi	v200r001
huawei	s5306	v100r006
huawei	s5306	v200r001
huawei	s5700	v100r005
huawei	s5700	v100r006
huawei	s5700	v200r001
huawei	s6300	v100r006
huawei	s6300	v200r001
huawei	s6700	v100r006
huawei	s6700	v200r001
huawei	s7700	v100r003
huawei	s7700	v100r006
huawei	s9300	v100r001
huawei	s9300	v100r002
huawei	s9300	v100r003
huawei	s9300	v100r006
huawei	svn2000	v200r001c00
huawei	svn3000	v100r002c02spc802b041
huawei	svn5000	v200r001c00
huawei	svn5300	v100r001c01b019
huawei	wlan_ac_6605	v200r001c00
huawei	wlan_ac_6605	v200r001c00spc100

Search criteria

22 vulnerabilities found for s3700 by huawei

CVSS 2.0 Base Metrics

CVE-2012-6571 (GCVE-0-2012-6571)

CVE-2012-6569 (GCVE-0-2012-6569)

CVE-2012-6570 (GCVE-0-2012-6570)

CVE-2012-4960 (GCVE-0-2012-4960)

CVE-2012-6571 (GCVE-0-2012-6571)

CVE-2012-6569 (GCVE-0-2012-6569)

CVE-2012-6570 (GCVE-0-2012-6570)

CVE-2012-4960 (GCVE-0-2012-4960)