CVE-2018-7958
First published: Tue Nov 27 2018(Updated: )
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited to intercept and tamper with the data information.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei Espace 7950 Firmware | =v200r003c30 | |
| Huawei eSpace 7950 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Huawei eSpace product vulnerability?
The vulnerability ID is CVE-2018-7958.
What is the severity rating of CVE-2018-7958?
The severity rating of CVE-2018-7958 is 7.4 (High).
Which Huawei eSpace product is affected by CVE-2018-7958?
Huawei eSpace 7950 Firmware v200r003c30 is affected by CVE-2018-7958.
What is the CWE ID for this vulnerability?
The CWE ID for CVE-2018-7958 is CWE-287.
How can the anonymous TLS cipher suites supported vulnerability in Huawei eSpace product be exploited?
An unauthenticated, remote attacker can launch a man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/huawei
- canonical/huawei espace 7950 firmware
- version/huawei espace 7950 firmware/v200r003c30
- canonical/huawei espace 7950