Vulnerability Details : CVE-2016-6838
Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSH encryption algorithm.
Vulnerability category: Information leak
Products affected by CVE-2016-6838
- cpe:2.3:o:huawei:rh1288_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:rh2288_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:xh620_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:x6800_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch121_v3_server_firmware:v100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch222_v3_server_firmware:v100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch220_v3_server_firmware:v100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch226_v3_server_firmware:v100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch140_v3_server_firmware:v100r001c00:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-6838
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 45 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-6838
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2016-6838
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6838
-
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-02-server-en
Security Advisory - Information Leak Vulnerability in Some Huawei ServersVendor Advisory
-
http://www.securityfocus.com/bid/92503
Multiple Huawei Products Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
Jump to