CVE-2017-15326

EPSS 0.4%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

23 Mar 2018Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage.

Affected products

Huawei Technologies Co., Ltd. · DBS3900 TDD LTE

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en