ID

VAR-201811-0856


CVE

CVE-2018-7958


TITLE

Authentication vulnerabilities in Huawei eSpace products

Trust: 0.8

sources: JVNDB: JVNDB-2018-012294

DESCRIPTION

Huawei eSpace products support anonymous TLS cipher suites. An unauthenticated, remote attacker can launch a man-in-the-middle attack to hijack the connection from a client when the user signs up to log in over TLS. Due to insufficient authentication, this may be exploited to intercept and tamper with data. Huawei eSpace products contain authentication vulnerabilities. Information may be obtained and information may be altered. The Huawei eSpace 7950 is a 7950 series IP phone product from Huawei (China). The Huawei eSpace 7950 V200R003C30 version contains a security vulnerability caused by insufficient authentication in the program.

Trust: 2.25

sources: NVD: CVE-2018-7958 // JVNDB: JVNDB-2018-012294 // CNVD: CNVD-2018-23260 // VULHUB: VHN-137990

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-23260

AFFECTED PRODUCTS

vendor: huawei, model: espace 7950, scope: eq, version: v200r003c30

Trust: 1.6

vendor: huawei, model: espace 7950, scope: -, version: -

Trust: 0.8

vendor: huawei, model: espace v200r003c30, scope: eq, version: 7950

Trust: 0.6

sources: CNVD: CNVD-2018-23260 // JVNDB: JVNDB-2018-012294 // CNNVD: CNNVD-201811-492 // NVD: CVE-2018-7958

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7958
value: HIGH

Trust: 1.0

NVD: CVE-2018-7958
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-23260
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201811-492
value: MEDIUM

Trust: 0.6

VULHUB: VHN-137990
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7958
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-23260
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-137990
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7958
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-23260 // VULHUB: VHN-137990 // JVNDB: JVNDB-2018-012294 // CNNVD: CNNVD-201811-492 // NVD: CVE-2018-7958

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-137990 // JVNDB: JVNDB-2018-012294 // NVD: CVE-2018-7958

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-492

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201811-492

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012294

PATCH

title: huawei-sa-20181114-01-espace, url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-espace-en

Trust: 0.8

title: Patches for the anonymous TLS algorithm vulnerabilities in Huawei eSpace products, url: https://www.cnvd.org.cn/patchInfo/show/144791

Trust: 0.6

title: Huawei eSpace 7950 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86894

Trust: 0.6

sources: CNVD: CNVD-2018-23260 // JVNDB: JVNDB-2018-012294 // CNNVD: CNNVD-201811-492

EXTERNAL IDS

db: NVD, id: CVE-2018-7958

Trust: 3.1

db: JVNDB, id: JVNDB-2018-012294

Trust: 0.8

db: CNNVD, id: CNNVD-201811-492

Trust: 0.7

db: CNVD, id: CNVD-2018-23260

Trust: 0.6

db: VULHUB, id: VHN-137990

Trust: 0.1

sources: CNVD: CNVD-2018-23260 // VULHUB: VHN-137990 // JVNDB: JVNDB-2018-012294 // CNNVD: CNNVD-201811-492 // NVD: CVE-2018-7958

REFERENCES

url: https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20181114-01-espace-cn

Trust: 1.2

url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-espace-en

Trust: 1.1

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7958

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-7958

Trust: 0.8

sources: CNVD: CNVD-2018-23260 // VULHUB: VHN-137990 // JVNDB: JVNDB-2018-012294 // CNNVD: CNNVD-201811-492 // NVD: CVE-2018-7958

SOURCES

db: CNVD, id: CNVD-2018-23260
db: VULHUB, id: VHN-137990
db: JVNDB, id: JVNDB-2018-012294
db: CNNVD, id: CNNVD-201811-492
db: NVD, id: CVE-2018-7958

LAST UPDATE DATE

2024-11-23T22:58:49.108000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-23260, date: 2018-11-16T00:00:00
db: VULHUB, id: VHN-137990, date: 2018-12-20T00:00:00
db: JVNDB, id: JVNDB-2018-012294, date: 2019-01-31T00:00:00
db: CNNVD, id: CNNVD-201811-492, date: 2018-11-15T00:00:00
db: NVD, id: CVE-2018-7958, date: 2024-11-21T04:13:01.213

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-23260, date: 2018-11-16T00:00:00
db: VULHUB, id: VHN-137990, date: 2018-11-27T00:00:00
db: JVNDB, id: JVNDB-2018-012294, date: 2019-01-31T00:00:00
db: CNNVD, id: CNNVD-201811-492, date: 2018-11-15T00:00:00
db: NVD, id: CVE-2018-7958, date: 2018-11-27T22:29:00.307