CVE-2018-7960

CWE-319 — Cleartext Transmission3 documents3 sources

Severity

7.4HIGH

EPSS

0.1%

top 81.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Technologies Co., Ltd. Espace 7950 Huawei Espace 7950 Firmware

Timeline

PublishedNov 27

Latest updateMay 13

Description

There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause sensitive information leak.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages2 packages

▶NVDhuawei/espace_7950_firmwarev200r003c30

▶CVEListV5huawei_technologies_co.,_ltd./espace_7950V200R003C30

🔴Vulnerability Details

GHSA

GHSA-pgjp-266f-j96q: There is a SRTP icon display vulnerability in Huawei eSpace product↗2022-05-13

▶

CVEList

CVE-2018-7960: There is a SRTP icon display vulnerability in Huawei eSpace product↗2018-11-27

▶