CVE-2017-15326Use of a Broken or Risky Cryptographic Algorithm in Technologies CO LTD Dbs3900 TDD LTE

CWE-327Use of a Broken or Risky Cryptographic Algorithm3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.0%
top 87.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei Technologies CO LTD Dbs3900 TDD LTEHuawei Dbs3900 TDD LTE Firmware
Timeline
PublishedMar 23
Latest updateMay 14

Description

DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDhuawei/dbs3900_tdd_lte_firmwarev100r003c00, v100r004c10+1
CVEListV5huawei_technologies_co_ltd/dbs3900_tdd_lteV100R003C00, V100R004C10

🔴Vulnerability Details

2
GHSA
GHSA-65pc-vpgq-hrgm: DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability2022-05-14
CVEList
CVE-2017-15326: DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability2018-03-23
CVE-2017-15326 — MEDIUM severity | cvebase