CVE-2018-7959

CWE-327 — Broken Cryptographic Algorithm3 documents3 sources

Severity

5.9MEDIUM

EPSS

0.1%

top 80.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Technologies Co., Ltd. Espace 7950 Huawei Espace 7950 Firmware

Timeline

PublishedNov 27

Latest updateMay 13

Description

There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶NVDhuawei/espace_7950_firmwarev200r003c30

▶CVEListV5huawei_technologies_co.,_ltd./espace_7950V200R003C30

🔴Vulnerability Details

GHSA

GHSA-vqvx-wmh9-rcrp: There is a short key vulnerability in Huawei eSpace product↗2022-05-13

▶

CVEList

CVE-2018-7959: There is a short key vulnerability in Huawei eSpace product↗2018-11-27

▶