First published: Wed Sep 07 2016(Updated: )
Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSH encryption algorithm.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei RH1288 V3 Firmware | =v100r003c00 | |
Huawei Rh2288h V3 Server Firmware | =v100r003c00 | |
Huawei X6800 V3 Server Firmware | =v100r003c00 | |
Huawei XH620 V3 | =v100r003c00 | |
Huawei RH1288 V3 | ||
Huawei RH2288H V3 Server | ||
Huawei X6800 V3 Server | ||
Huawei XH620 V3 | ||
Huawei Ch121 V3 Firmware | =v100r001c00 | |
Huawei CH140L V3 | =v100r001c00 | |
Huawei Ch220 V3 Server | =v100r001c00 | |
Huawei Ch222 V3 | =v100r001c00 | |
Huawei Ch226 V3 Server Firmware | =v100r001c00 | |
Huawei FusionServer CH121 V3 | ||
Huawei Ch140 V3 Server Firmware | ||
Huawei FusionServer CH220 V3 | ||
Huawei FusionServer Ch222 V3 | ||
Huawei Ch226 V3 Server Firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-6838 has a medium severity rating affecting various Huawei server firmware versions.
To fix CVE-2016-6838, upgrade your Huawei servers to the specified firmware versions that patch the vulnerability.
CVE-2016-6838 affects Huawei X6800, XH620 V3, RH1288 V3, RH2288 V3, CH140 V3, and CH226 V3 servers.
Firmware versions before V100R003C00SPC606 for various models are vulnerable to CVE-2016-6838.
There are no known workarounds for CVE-2016-6838; the recommended action is to apply the firmware updates.