CVE-2018-7958 | Date: (C)2018-11-28 (M)2023-12-22 |
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited to intercept and tamper with the data information.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V3 Severity: | CVSS V2 Severity: |
CVSS Score : 7.4 | CVSS Score : 5.8 |
Exploit Score: 2.2 | Exploit Score: 8.6 |
Impact Score: 5.2 | Impact Score: 4.9 |
|
CVSS V3 Metrics: | CVSS V2 Metrics: |
Attack Vector: NETWORK | Access Vector: NETWORK |
Attack Complexity: HIGH | Access Complexity: MEDIUM |
Privileges Required: NONE | Authentication: NONE |
User Interaction: NONE | Confidentiality: PARTIAL |
Scope: UNCHANGED | Integrity: PARTIAL |
Confidentiality: HIGH | Availability: NONE |
Integrity: HIGH | |
Availability: NONE | |
| |