ID de Prueba:	1.3.6.1.4.1.25623.1.0.107838
Categoría:	Huawei
Título:	Huawei Data Communication: Cache Timing Vulnerability in OpenSSL RSA Key Generation (huawei-sa-20181212-01-cache)
Resumen:	The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack (CVE-2018-0737).
Descripción:	Summary: The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack (CVE-2018-0737). Vulnerability Insight: The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack (CVE-2018-0737). An attacker could exploit this vulnerability to recover the private key. (Vulnerability ID: HWPSIRT-2018-06015)Huawei has released software updates to fix this vulnerability. This advisory is available in the linked references. Vulnerability Impact: An attacker could exploit this vulnerability to recover the private key. Affected Software/OS: TE30 versions V600R006C10 TE40 versions V600R006C10 TE50 versions V600R006C10 TE60 versions V600R006C10 Solution: See the referenced vendor advisory for a solution. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-0737 BugTraq ID: 103766 http://www.securityfocus.com/bid/103766 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787 https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/ https://security.netapp.com/advisory/ntap-20180726-0003/ https://securityadvisories.paloaltonetworks.com/Home/Detail/133 https://www.openssl.org/news/secadv/20180416.txt https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://www.tenable.com/security/tns-2018-12 https://www.tenable.com/security/tns-2018-13 https://www.tenable.com/security/tns-2018-14 https://www.tenable.com/security/tns-2018-17 Debian Security Information: DSA-4348 (Google Search) https://www.debian.org/security/2018/dsa-4348 Debian Security Information: DSA-4355 (Google Search) https://www.debian.org/security/2018/dsa-4355 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/ https://security.gentoo.org/glsa/201811-21 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html RedHat Security Advisories: RHSA-2018:3221 https://access.redhat.com/errata/RHSA-2018:3221 RedHat Security Advisories: RHSA-2018:3505 https://access.redhat.com/errata/RHSA-2018:3505 RedHat Security Advisories: RHSA-2019:3932 https://access.redhat.com/errata/RHSA-2019:3932 RedHat Security Advisories: RHSA-2019:3933 https://access.redhat.com/errata/RHSA-2019:3933 RedHat Security Advisories: RHSA-2019:3935 https://access.redhat.com/errata/RHSA-2019:3935 http://www.securitytracker.com/id/1040685 https://usn.ubuntu.com/3628-1/ https://usn.ubuntu.com/3628-2/ https://usn.ubuntu.com/3692-1/ https://usn.ubuntu.com/3692-2/
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.