CVE-2016-6838
Description
Huawei servers allow insecure SSH encryption algorithm selection, enabling remote attackers to decrypt encrypted data and obtain sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability (HWPSIRT-2016-07019) is an information leak in multiple Huawei server models. The affected software allows users to select SSH encryption algorithms. If an insecure encryption algorithm is selected, a remote attacker may decrypt ciphertext data, leading to information leaks. The affected products and versions include:
- X6800 and XH620 V3 servers (software before V100R003C00SPC606)
- RH1288 V3 servers (software before V100R003C00SPC613)
- RH2288 V3 servers (software before V100R003C00SPC617)
- CH140 V3 and CH226 V3 servers (software before V100R001C00SPC122)
- CH220 V3 servers (software before V100R001C00SPC201)
- CH121 V3 and CH222 V3 servers (software before V100R001C00SPC202) [1]
Exploitation
An attacker needs to be able to intercept encrypted network traffic between the server and its clients. The victim server must have been configured to use an insecure SSH encryption algorithm. By exploiting the weak algorithm, the attacker can decrypt the captured ciphertext without requiring authentication or user interaction beyond the initial configuration [1].
Impact
Successful exploitation allows the remote attacker to decrypt encrypted data transmitted over SSH, thereby gaining access to sensitive information that was intended to be protected. This leads to a breach of confidentiality; the attacker does not gain control over the server but can read intercepted communications [1].
Mitigation
Huawei has released software updates to address this vulnerability. Administrators should upgrade to the fixed versions as listed in the advisory [1]:
- X6800 and XH620 V3: V100R003C00SPC606
- RH1288 V3: V100R003C00SPC613
- RH2288 V3: V100R003C00SPC617
- CH140 V3 and CH226 V3: V100R001C00SPC122
- CH220 V3: V100R001C00SPC201
- CH121 V3 and CH222 V3: V100R001C00SPC202
As a workaround, ensure that only secure SSH encryption algorithms are configured on the affected servers.
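One way to verify the workaround, as an added example that is not part of the advisory or Huawei's software: a parser for the SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) that lists the encryption algorithms a server offers and flags weak ones. The weak-cipher policy (`none`, `arcfour*`, CBC modes) and the sample payload builder are assumptions constructed for illustration; the advisory does not name the insecure algorithms.

```python
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists of a KEXINIT message, in wire order (RFC 4253, 7.1).
KEXINIT_FIELDS = [
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_algorithms_client_to_server",
    "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server", "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server",
    "compression_algorithms_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
]

def is_weak(cipher: str) -> bool:
    # Assumed policy, not taken from the Huawei advisory.
    return cipher == "none" or cipher.startswith("arcfour") or "-cbc" in cipher

def parse_kexinit(payload: bytes) -> dict:
    """Parse a KEXINIT payload (message byte onward, packet framing removed)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, fields = 17, {}          # skip message byte and 16-byte cookie
    for name in KEXINIT_FIELDS:
        if off + 4 > len(payload):
            raise ValueError("truncated before " + name)
        (length,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + length > len(payload):
            raise ValueError("name-list overruns payload: " + name)
        raw = payload[off:off + length].decode("ascii")
        fields[name] = raw.split(",") if raw else []
        off += length
    return fields

def weak_ciphers(payload: bytes) -> list:
    """Return the weak encryption algorithms offered in either direction."""
    f = parse_kexinit(payload)
    offered = (f["encryption_algorithms_client_to_server"]
               + f["encryption_algorithms_server_to_client"])
    return sorted({c for c in offered if is_weak(c)})

def build_sample_kexinit(ciphers: str) -> bytes:
    """Constructed sample input: a KEXINIT payload offering `ciphers`."""
    lists = ["curve25519-sha256", "ssh-ed25519", ciphers, ciphers,
             "hmac-sha2-256", "hmac-sha2-256", "none", "none", "", ""]
    body = b"".join(struct.pack(">I", len(s)) + s.encode() for s in lists)
    # message byte, zero cookie, name-lists, first_kex_packet_follows, reserved
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)
```

An empty result from `weak_ciphers` on a payload captured from a server after reconfiguration indicates that none of the flagged algorithms is still offered.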
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: < V100R003C00SPC606
References
- www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-02-server-en (nvd; Vendor Advisory)
- www.securityfocus.com/bid/92503 (nvd; Third Party Advisory, VDB Entry)