Details of VAR-201811-0858

ID

VAR-201811-0858

CVE

CVE-2018-7960

TITLE

Huawei eSpace Cryptographic vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-012292

DESCRIPTION

There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause sensitive information leak. Huawei eSpace The product contains cryptographic vulnerabilities.Information may be obtained and information may be altered. HuaweieSpace7950 is the 7950 series IP phone product of China Huawei

Trust: 2.25

sources: NVD: CVE-2018-7960 // JVNDB: JVNDB-2018-012292 // CNVD: CNVD-2018-23258 // VULHUB: VHN-137992

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-23258

AFFECTED PRODUCTS

vendor:	huawei	model:	espace 7950	scope:	eq	version:	v200r003c30	Trust: 1.6
vendor:	huawei	model:	espace 7950	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	espace v200r003c30	scope:	eq	version:	7950	Trust: 0.6

sources: CNVD: CNVD-2018-23258 // JVNDB: JVNDB-2018-012292 // CNNVD: CNNVD-201811-494 // NVD: CVE-2018-7960

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7960
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-7960
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-23258
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201811-494
value:	HIGH
Trust: 0.6
VULHUB:	VHN-137992
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-7960
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-23258
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-137992
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-7960
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	5.2
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-23258 // VULHUB: VHN-137992 // JVNDB: JVNDB-2018-012292 // CNNVD: CNNVD-201811-494 // NVD: CVE-2018-7960

PROBLEMTYPE DATA

problemtype:	CWE-319	Trust: 1.1
problemtype:	CWE-310	Trust: 0.9

sources: VULHUB: VHN-137992 // JVNDB: JVNDB-2018-012292 // NVD: CVE-2018-7960

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-494

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201811-494

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012292

PATCH

title:	huawei-sa-20181114-02-espace	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en	Trust: 0.8
title:	Huawei eSpace product SRTP ID shows the patch for the vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/144795	Trust: 0.6
title:	Huawei eSpace 7950 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86895	Trust: 0.6

sources: CNVD: CNVD-2018-23258 // JVNDB: JVNDB-2018-012292 // CNNVD: CNNVD-201811-494

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7960	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-012292	Trust: 0.8
db:	CNNVD	id:	CNNVD-201811-494	Trust: 0.7
db:	CNVD	id:	CNVD-2018-23258	Trust: 0.6
db:	VULHUB	id:	VHN-137992	Trust: 0.1

sources: CNVD: CNVD-2018-23258 // VULHUB: VHN-137992 // JVNDB: JVNDB-2018-012292 // CNNVD: CNNVD-201811-494 // NVD: CVE-2018-7960

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7960	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7960	Trust: 0.8
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20181114-02-espace-cn	Trust: 0.6

sources: CNVD: CNVD-2018-23258 // VULHUB: VHN-137992 // JVNDB: JVNDB-2018-012292 // CNNVD: CNNVD-201811-494 // NVD: CVE-2018-7960

SOURCES

db:	CNVD	id:	CNVD-2018-23258
db:	VULHUB	id:	VHN-137992
db:	JVNDB	id:	JVNDB-2018-012292
db:	CNNVD	id:	CNNVD-201811-494
db:	NVD	id:	CVE-2018-7960

LAST UPDATE DATE

2024-11-23T23:08:32.812000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-23258	date:	2018-11-16T00:00:00
db:	VULHUB	id:	VHN-137992	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-012292	date:	2019-01-31T00:00:00
db:	CNNVD	id:	CNNVD-201811-494	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-7960	date:	2024-11-21T04:13:01.437

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-23258	date:	2018-11-16T00:00:00
db:	VULHUB	id:	VHN-137992	date:	2018-11-27T00:00:00
db:	JVNDB	id:	JVNDB-2018-012292	date:	2019-01-31T00:00:00
db:	CNNVD	id:	CNNVD-201811-494	date:	2018-11-15T00:00:00
db:	NVD	id:	CVE-2018-7960	date:	2018-11-27T22:29:00.400