cnvd - cnvd-2020-02175

cnvd-2020-02175

Vulnerability from cnvd

Title: Huawei CloudEngine 12800、S5700和S6700弱算法漏洞

Description:

Huawei CloudEngine 12800等都是中国华为（Huawei）公司的产品。Huawei CloudEngine 12800是一款12800系列数据中心交换机。Huawei S5700是一款企业级交换机产品。Huawei S6700是一款企业级交换机产品。

Huawei CloudEngine 12800、S5700和S6700中存在安全漏洞，该漏洞源于SSL密钥交换算法列表中使用了较弱的RSA算法。攻击者可利用该漏洞获取信息。

Severity: 低

Patch Name: Huawei CloudEngine 12800、S5700和S6700弱算法漏洞的补丁

Patch Description:

Huawei CloudEngine 12800、S5700和S6700中存在安全漏洞，该漏洞源于SSL密钥交换算法列表中使用了较弱的RSA算法。攻击者可利用该漏洞获取信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200108-01-rsa-cn

Reference: https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200108-01-rsa-cn

Impacted products

Name
['Huawei CloudEngine 12800 V100R006C00', 'Huawei CloudEngine 12800 V200R001C00', 'Huawei S6700 V200R005C01', 'Huawei CloudEngine 12800 V200R005C10', 'Huawei S5700 V200R005C03', 'Huawei CloudEngine 12800 V200R002C10', 'Huawei CloudEngine 12800 V200R002C20', 'Huawei S5700 V200R005C00SPC500', 'Huawei S5700 V200R006C00SPC100', 'Huawei S5700 V200R006C00SPC300', 'Huawei S5700 V200R006C00SPC500', 'Huawei S5700 V200R007C00SPC100', 'Huawei S5700 V200R007C00SPC500', 'Huawei S6700 V200R005C00SPC500', 'Huawei CloudEngine 12800 V200R002C01', 'Huawei CloudEngine 12800 V100R003C00SPC600', 'Huawei CloudEngine 12800 V100R003C10SPC100', 'Huawei CloudEngine 12800 V100R005C00SPC200', 'Huawei CloudEngine 12800 V100R005C00SPC300', 'Huawei CloudEngine 12800 V100R005C10HP0001', 'Huawei CloudEngine 12800 V100R005C10SPC100', 'Huawei CloudEngine 12800 V100R005C10SPC200']

Name

['Huawei CloudEngine 12800 V100R006C00', 'Huawei CloudEngine 12800 V200R001C00', 'Huawei S6700 V200R005C01', 'Huawei CloudEngine 12800 V200R005C10', 'Huawei S5700 V200R005C03', 'Huawei CloudEngine 12800 V200R002C10', 'Huawei CloudEngine 12800 V200R002C20', 'Huawei S5700 V200R005C00SPC500', 'Huawei S5700 V200R006C00SPC100', 'Huawei S5700 V200R006C00SPC300', 'Huawei S5700 V200R006C00SPC500', 'Huawei S5700 V200R007C00SPC100', 'Huawei S5700 V200R007C00SPC500', 'Huawei S6700 V200R005C00SPC500', 'Huawei CloudEngine 12800 V200R002C01', 'Huawei CloudEngine 12800 V100R003C00SPC600', 'Huawei CloudEngine 12800 V100R003C10SPC100', 'Huawei CloudEngine 12800 V100R005C00SPC200', 'Huawei CloudEngine 12800 V100R005C00SPC300', 'Huawei CloudEngine 12800 V100R005C10HP0001', 'Huawei CloudEngine 12800 V100R005C10SPC100', 'Huawei CloudEngine 12800 V100R005C10SPC200']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-1810"
    }
  },
  "description": "Huawei CloudEngine 12800\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Huawei CloudEngine 12800\u662f\u4e00\u6b3e12800\u7cfb\u5217\u6570\u636e\u4e2d\u5fc3\u4ea4\u6362\u673a\u3002Huawei S5700\u662f\u4e00\u6b3e\u4f01\u4e1a\u7ea7\u4ea4\u6362\u673a\u4ea7\u54c1\u3002Huawei S6700\u662f\u4e00\u6b3e\u4f01\u4e1a\u7ea7\u4ea4\u6362\u673a\u4ea7\u54c1\u3002\n\nHuawei CloudEngine 12800\u3001S5700\u548cS6700\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eSSL\u5bc6\u94a5\u4ea4\u6362\u7b97\u6cd5\u5217\u8868\u4e2d\u4f7f\u7528\u4e86\u8f83\u5f31\u7684RSA\u7b97\u6cd5\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200108-01-rsa-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-02175",
  "openTime": "2020-01-14",
  "patchDescription": "Huawei CloudEngine 12800\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Huawei CloudEngine 12800\u662f\u4e00\u6b3e12800\u7cfb\u5217\u6570\u636e\u4e2d\u5fc3\u4ea4\u6362\u673a\u3002Huawei S5700\u662f\u4e00\u6b3e\u4f01\u4e1a\u7ea7\u4ea4\u6362\u673a\u4ea7\u54c1\u3002Huawei S6700\u662f\u4e00\u6b3e\u4f01\u4e1a\u7ea7\u4ea4\u6362\u673a\u4ea7\u54c1\u3002\r\n\r\nHuawei CloudEngine 12800\u3001S5700\u548cS6700\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eSSL\u5bc6\u94a5\u4ea4\u6362\u7b97\u6cd5\u5217\u8868\u4e2d\u4f7f\u7528\u4e86\u8f83\u5f31\u7684RSA\u7b97\u6cd5\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei CloudEngine 12800\u3001S5700\u548cS6700\u5f31\u7b97\u6cd5\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei CloudEngine 12800 V100R006C00",
      "Huawei CloudEngine 12800 V200R001C00",
      "Huawei S6700 V200R005C01",
      "Huawei CloudEngine 12800 V200R005C10",
      "Huawei S5700 V200R005C03",
      "Huawei CloudEngine 12800 V200R002C10",
      "Huawei CloudEngine 12800 V200R002C20",
      "Huawei S5700 V200R005C00SPC500",
      "Huawei S5700 V200R006C00SPC100",
      "Huawei S5700 V200R006C00SPC300",
      "Huawei S5700 V200R006C00SPC500",
      "Huawei S5700 V200R007C00SPC100",
      "Huawei S5700 V200R007C00SPC500",
      "Huawei S6700 V200R005C00SPC500",
      "Huawei CloudEngine 12800 V200R002C01",
      "Huawei CloudEngine 12800 V100R003C00SPC600",
      "Huawei CloudEngine 12800 V100R003C10SPC100",
      "Huawei CloudEngine 12800 V100R005C00SPC200",
      "Huawei CloudEngine 12800 V100R005C00SPC300",
      "Huawei CloudEngine 12800 V100R005C10HP0001",
      "Huawei CloudEngine 12800 V100R005C10SPC100",
      "Huawei CloudEngine 12800 V100R005C10SPC200"
    ]
  },
  "referenceLink": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200108-01-rsa-cn",
  "serverity": "\u4f4e",
  "submitTime": "2020-01-10",
  "title": "Huawei CloudEngine 12800\u3001S5700\u548cS6700\u5f31\u7b97\u6cd5\u6f0f\u6d1e"
}

CVE-2020-1810 (GCVE-0-2020-1810)

Vulnerability from cvelistv5

Published

2020-01-09 17:44

Modified

2024-08-04 06:46

Severity ?

CWE

Weak Algorithm

Summary

There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information.

References

▼	URL	Tags
	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-rsa-en	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	CloudEngine 12800;S5700;S6700	Version: V100R003C00SPC600,V100R003C10SPC100,V100R005C00SPC200,V100R005C00SPC300,V100R005C10HP0001,V100R005C10SPC100,V100R005C10SPC200,V100R006C00,V200R001C00,V200R002C01,V200R002C10,V200R002C20,V200R005C10 Version: V200R005C00SPC500,V200R005C03,V200R006C00SPC100,V200R006C00SPC300,V200R006C00SPC500,V200R007C00SPC100,V200R007C00SPC500 Version: V200R005C00SPC500,V200R005C01

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:46:30.887Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-rsa-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CloudEngine 12800;S5700;S6700",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V100R003C00SPC600,V100R003C10SPC100,V100R005C00SPC200,V100R005C00SPC300,V100R005C10HP0001,V100R005C10SPC100,V100R005C10SPC200,V100R006C00,V200R001C00,V200R002C01,V200R002C10,V200R002C20,V200R005C10"
            },
            {
              "status": "affected",
              "version": "V200R005C00SPC500,V200R005C03,V200R006C00SPC100,V200R006C00SPC300,V200R006C00SPC500,V200R007C00SPC100,V200R007C00SPC500"
            },
            {
              "status": "affected",
              "version": "V200R005C00SPC500,V200R005C01"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Weak Algorithm",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-21T23:00:44",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-rsa-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2020-1810",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CloudEngine 12800;S5700;S6700",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V100R003C00SPC600,V100R003C10SPC100,V100R005C00SPC200,V100R005C00SPC300,V100R005C10HP0001,V100R005C10SPC100,V100R005C10SPC200,V100R006C00,V200R001C00,V200R002C01,V200R002C10,V200R002C20,V200R005C10"
                          },
                          {
                            "version_value": "V200R005C00SPC500,V200R005C03,V200R006C00SPC100,V200R006C00SPC300,V200R006C00SPC500,V200R007C00SPC100,V200R007C00SPC500"
                          },
                          {
                            "version_value": "V200R005C00SPC500,V200R005C01"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Weak Algorithm"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-rsa-en",
              "refsource": "MISC",
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-rsa-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2020-1810",
    "datePublished": "2020-01-09T17:44:54",
    "dateReserved": "2019-11-29T00:00:00",
    "dateUpdated": "2024-08-04T06:46:30.887Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted