Details of VAR-201803-1314

ID

VAR-201803-1314

CVE

CVE-2017-15326

TITLE

DBS3900 TDD LTE Vulnerabilities in the use of cryptographic algorithms

Trust: 0.8

sources: JVNDB: JVNDB-2017-013009

DESCRIPTION

DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage. DBS3900TDDLTE is a modular network device product from China's Huawei company. Huawei DBS3900 TDD LTE is a distributed base station product of China Huawei (Huawei). This product supports wireless access to wireless networks and provides services such as video surveillance, data collection and data transmission

Trust: 2.25

sources: NVD: CVE-2017-15326 // JVNDB: JVNDB-2017-013009 // CNVD: CNVD-2018-06068 // VULHUB: VHN-106137

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-06068

AFFECTED PRODUCTS

vendor:	huawei	model:	dbs3900 tdd lte	scope:	eq	version:	v100r003c00	Trust: 2.4
vendor:	huawei	model:	dbs3900 tdd lte	scope:	eq	version:	v100r004c10	Trust: 2.4
vendor:	huawei	model:	dbs3900 tdd lte v100r004c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	dbs3900 tdd lte v100r003c00	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-06068 // JVNDB: JVNDB-2017-013009 // CNNVD: CNNVD-201803-906 // NVD: CVE-2017-15326

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-15326
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-15326
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-06068
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201803-906
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-106137
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-15326
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-06068
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-106137
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-15326
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-06068 // VULHUB: VHN-106137 // JVNDB: JVNDB-2017-013009 // CNNVD: CNNVD-201803-906 // NVD: CVE-2017-15326

PROBLEMTYPE DATA

problemtype:

CWE-327

Trust: 1.9

sources: VULHUB: VHN-106137 // JVNDB: JVNDB-2017-013009 // NVD: CVE-2017-15326

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-906

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201803-906

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013009

PATCH

title:	huawei-sa-20180321-01-encryption	url:	http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en	Trust: 0.8
title:	HuaweiDBS3900TDDLTE weak encryption algorithm vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/122893	Trust: 0.6
title:	Huawei DBS3900 TDD LTE Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79403	Trust: 0.6

sources: CNVD: CNVD-2018-06068 // JVNDB: JVNDB-2017-013009 // CNNVD: CNNVD-201803-906

EXTERNAL IDS

db:	NVD	id:	CVE-2017-15326	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-013009	Trust: 0.8
db:	CNNVD	id:	CNNVD-201803-906	Trust: 0.7
db:	CNVD	id:	CNVD-2018-06068	Trust: 0.6
db:	VULHUB	id:	VHN-106137	Trust: 0.1

sources: CNVD: CNVD-2018-06068 // VULHUB: VHN-106137 // JVNDB: JVNDB-2017-013009 // CNNVD: CNNVD-201803-906 // NVD: CVE-2017-15326

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15326	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-15326	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-cn	Trust: 0.6

sources: CNVD: CNVD-2018-06068 // VULHUB: VHN-106137 // JVNDB: JVNDB-2017-013009 // CNNVD: CNNVD-201803-906 // NVD: CVE-2017-15326

SOURCES

db:	CNVD	id:	CNVD-2018-06068
db:	VULHUB	id:	VHN-106137
db:	JVNDB	id:	JVNDB-2017-013009
db:	CNNVD	id:	CNNVD-201803-906
db:	NVD	id:	CVE-2017-15326

LAST UPDATE DATE

2024-11-23T22:48:45.927000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-06068	date:	2018-03-23T00:00:00
db:	VULHUB	id:	VHN-106137	date:	2018-04-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-013009	date:	2018-05-22T00:00:00
db:	CNNVD	id:	CNNVD-201803-906	date:	2018-03-26T00:00:00
db:	NVD	id:	CVE-2017-15326	date:	2024-11-21T03:14:28.187

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-06068	date:	2018-03-23T00:00:00
db:	VULHUB	id:	VHN-106137	date:	2018-03-23T00:00:00
db:	JVNDB	id:	JVNDB-2017-013009	date:	2018-05-22T00:00:00
db:	CNNVD	id:	CNNVD-201803-906	date:	2018-03-26T00:00:00
db:	NVD	id:	CVE-2017-15326	date:	2018-03-23T16:29:00.177