cnvd - cnvd-2020-02175

CNVD-2020-02175

Vulnerability from cnvd - Published: 2020-01-14

Title

Huawei CloudEngine 12800、S5700和S6700弱算法漏洞

Description

Huawei CloudEngine 12800等都是中国华为（Huawei）公司的产品。Huawei CloudEngine 12800是一款12800系列数据中心交换机。Huawei S5700是一款企业级交换机产品。Huawei S6700是一款企业级交换机产品。 Huawei CloudEngine 12800、S5700和S6700中存在安全漏洞，该漏洞源于SSL密钥交换算法列表中使用了较弱的RSA算法。攻击者可利用该漏洞获取信息。

Severity

低

Patch Name

Huawei CloudEngine 12800、S5700和S6700弱算法漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200108-01-rsa-cn

Reference

https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200108-01-rsa-cn

Impacted products

Name
['Huawei CloudEngine 12800 V100R006C00', 'Huawei CloudEngine 12800 V200R001C00', 'Huawei S6700 V200R005C01', 'Huawei CloudEngine 12800 V200R005C10', 'Huawei S5700 V200R005C03', 'Huawei CloudEngine 12800 V200R002C10', 'Huawei CloudEngine 12800 V200R002C20', 'Huawei S5700 V200R005C00SPC500', 'Huawei S5700 V200R006C00SPC100', 'Huawei S5700 V200R006C00SPC300', 'Huawei S5700 V200R006C00SPC500', 'Huawei S5700 V200R007C00SPC100', 'Huawei S5700 V200R007C00SPC500', 'Huawei S6700 V200R005C00SPC500', 'Huawei CloudEngine 12800 V200R002C01', 'Huawei CloudEngine 12800 V100R003C00SPC600', 'Huawei CloudEngine 12800 V100R003C10SPC100', 'Huawei CloudEngine 12800 V100R005C00SPC200', 'Huawei CloudEngine 12800 V100R005C00SPC300', 'Huawei CloudEngine 12800 V100R005C10HP0001', 'Huawei CloudEngine 12800 V100R005C10SPC100', 'Huawei CloudEngine 12800 V100R005C10SPC200']

Name

['Huawei CloudEngine 12800 V100R006C00', 'Huawei CloudEngine 12800 V200R001C00', 'Huawei S6700 V200R005C01', 'Huawei CloudEngine 12800 V200R005C10', 'Huawei S5700 V200R005C03', 'Huawei CloudEngine 12800 V200R002C10', 'Huawei CloudEngine 12800 V200R002C20', 'Huawei S5700 V200R005C00SPC500', 'Huawei S5700 V200R006C00SPC100', 'Huawei S5700 V200R006C00SPC300', 'Huawei S5700 V200R006C00SPC500', 'Huawei S5700 V200R007C00SPC100', 'Huawei S5700 V200R007C00SPC500', 'Huawei S6700 V200R005C00SPC500', 'Huawei CloudEngine 12800 V200R002C01', 'Huawei CloudEngine 12800 V100R003C00SPC600', 'Huawei CloudEngine 12800 V100R003C10SPC100', 'Huawei CloudEngine 12800 V100R005C00SPC200', 'Huawei CloudEngine 12800 V100R005C00SPC300', 'Huawei CloudEngine 12800 V100R005C10HP0001', 'Huawei CloudEngine 12800 V100R005C10SPC100', 'Huawei CloudEngine 12800 V100R005C10SPC200']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-1810"
    }
  },
  "description": "Huawei CloudEngine 12800\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Huawei CloudEngine 12800\u662f\u4e00\u6b3e12800\u7cfb\u5217\u6570\u636e\u4e2d\u5fc3\u4ea4\u6362\u673a\u3002Huawei S5700\u662f\u4e00\u6b3e\u4f01\u4e1a\u7ea7\u4ea4\u6362\u673a\u4ea7\u54c1\u3002Huawei S6700\u662f\u4e00\u6b3e\u4f01\u4e1a\u7ea7\u4ea4\u6362\u673a\u4ea7\u54c1\u3002\n\nHuawei CloudEngine 12800\u3001S5700\u548cS6700\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eSSL\u5bc6\u94a5\u4ea4\u6362\u7b97\u6cd5\u5217\u8868\u4e2d\u4f7f\u7528\u4e86\u8f83\u5f31\u7684RSA\u7b97\u6cd5\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200108-01-rsa-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-02175",
  "openTime": "2020-01-14",
  "patchDescription": "Huawei CloudEngine 12800\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Huawei CloudEngine 12800\u662f\u4e00\u6b3e12800\u7cfb\u5217\u6570\u636e\u4e2d\u5fc3\u4ea4\u6362\u673a\u3002Huawei S5700\u662f\u4e00\u6b3e\u4f01\u4e1a\u7ea7\u4ea4\u6362\u673a\u4ea7\u54c1\u3002Huawei S6700\u662f\u4e00\u6b3e\u4f01\u4e1a\u7ea7\u4ea4\u6362\u673a\u4ea7\u54c1\u3002\r\n\r\nHuawei CloudEngine 12800\u3001S5700\u548cS6700\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eSSL\u5bc6\u94a5\u4ea4\u6362\u7b97\u6cd5\u5217\u8868\u4e2d\u4f7f\u7528\u4e86\u8f83\u5f31\u7684RSA\u7b97\u6cd5\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei CloudEngine 12800\u3001S5700\u548cS6700\u5f31\u7b97\u6cd5\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei CloudEngine 12800 V100R006C00",
      "Huawei CloudEngine 12800 V200R001C00",
      "Huawei S6700 V200R005C01",
      "Huawei CloudEngine 12800 V200R005C10",
      "Huawei S5700 V200R005C03",
      "Huawei CloudEngine 12800 V200R002C10",
      "Huawei CloudEngine 12800 V200R002C20",
      "Huawei S5700 V200R005C00SPC500",
      "Huawei S5700 V200R006C00SPC100",
      "Huawei S5700 V200R006C00SPC300",
      "Huawei S5700 V200R006C00SPC500",
      "Huawei S5700 V200R007C00SPC100",
      "Huawei S5700 V200R007C00SPC500",
      "Huawei S6700 V200R005C00SPC500",
      "Huawei CloudEngine 12800 V200R002C01",
      "Huawei CloudEngine 12800 V100R003C00SPC600",
      "Huawei CloudEngine 12800 V100R003C10SPC100",
      "Huawei CloudEngine 12800 V100R005C00SPC200",
      "Huawei CloudEngine 12800 V100R005C00SPC300",
      "Huawei CloudEngine 12800 V100R005C10HP0001",
      "Huawei CloudEngine 12800 V100R005C10SPC100",
      "Huawei CloudEngine 12800 V100R005C10SPC200"
    ]
  },
  "referenceLink": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200108-01-rsa-cn",
  "serverity": "\u4f4e",
  "submitTime": "2020-01-10",
  "title": "Huawei CloudEngine 12800\u3001S5700\u548cS6700\u5f31\u7b97\u6cd5\u6f0f\u6d1e"
}

CVE-2020-1810 (GCVE-0-2020-1810)

Vulnerability from cvelistv5 – Published: 2020-01-09 17:44 – Updated: 2024-08-04 06:46

Summary

There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information.

Severity ?

No CVSS data available.

CWE

Weak Algorithm

Assigner

huawei

References

URL

Tags

https://www.huawei.com/en/psirt/security-advisori…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	CloudEngine 12800;S5700;S6700	Affected: V100R003C00SPC600,V100R003C10SPC100,V100R005C00SPC200,V100R005C00SPC300,V100R005C10HP0001,V100R005C10SPC100,V100R005C10SPC200,V100R006C00,V200R001C00,V200R002C01,V200R002C10,V200R002C20,V200R005C10 Affected: V200R005C00SPC500,V200R005C03,V200R006C00SPC100,V200R006C00SPC300,V200R006C00SPC500,V200R007C00SPC100,V200R007C00SPC500 Affected: V200R005C00SPC500,V200R005C01

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:46:30.887Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-rsa-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CloudEngine 12800;S5700;S6700",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V100R003C00SPC600,V100R003C10SPC100,V100R005C00SPC200,V100R005C00SPC300,V100R005C10HP0001,V100R005C10SPC100,V100R005C10SPC200,V100R006C00,V200R001C00,V200R002C01,V200R002C10,V200R002C20,V200R005C10"
            },
            {
              "status": "affected",
              "version": "V200R005C00SPC500,V200R005C03,V200R006C00SPC100,V200R006C00SPC300,V200R006C00SPC500,V200R007C00SPC100,V200R007C00SPC500"
            },
            {
              "status": "affected",
              "version": "V200R005C00SPC500,V200R005C01"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Weak Algorithm",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-21T23:00:44",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-rsa-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2020-1810",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CloudEngine 12800;S5700;S6700",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V100R003C00SPC600,V100R003C10SPC100,V100R005C00SPC200,V100R005C00SPC300,V100R005C10HP0001,V100R005C10SPC100,V100R005C10SPC200,V100R006C00,V200R001C00,V200R002C01,V200R002C10,V200R002C20,V200R005C10"
                          },
                          {
                            "version_value": "V200R005C00SPC500,V200R005C03,V200R006C00SPC100,V200R006C00SPC300,V200R006C00SPC500,V200R007C00SPC100,V200R007C00SPC500"
                          },
                          {
                            "version_value": "V200R005C00SPC500,V200R005C01"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Weak Algorithm"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-rsa-en",
              "refsource": "MISC",
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-rsa-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2020-1810",
    "datePublished": "2020-01-09T17:44:54",
    "dateReserved": "2019-11-29T00:00:00",
    "dateUpdated": "2024-08-04T06:46:30.887Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-02175

CVE-2020-1810 (GCVE-0-2020-1810)

Tags

Sightings

Nomenclature