CVE-2017-15326 Information

Description

DBS3900 TDD LTE V100R003C00 V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Reference

http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

4.3