Sign-up

ID

VAR-201711-0937


CVE

CVE-2017-8174


TITLE

Huawei USG6300 and USG6600 Vulnerabilities related to cryptographic strength in Japanese software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010803

DESCRIPTION

Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on the transmission links. Both Huawei USG6300 and USG6600 are firewall devices of China Huawei (Huawei). There are security vulnerabilities in Huawei USG6300 and USG6600. The following products and versions are affected: Huawei USG6300 V100R001C30SPC300; Secospace USG6600 V100R001C30SPC500, V100R001C30SPC600, V100R001C30SPC700, and V100R001C30SPC800

Trust: 1.71

sources: NVD: CVE-2017-8174 // JVNDB: JVNDB-2017-010803 // VULHUB: VHN-116377

AFFECTED PRODUCTS

vendor:huaweimodel:secospace usg6300scope:eqversion:v100r001c30spc300

Trust: 2.4

vendor:huaweimodel:secospace usg6600scope:eqversion:v100r001c30spc500

Trust: 2.4

vendor:huaweimodel:secospace usg6600scope:eqversion:v100r001c30spc600

Trust: 2.4

vendor:huaweimodel:secospace usg6600scope:eqversion:v100r001c30spc700

Trust: 2.4

vendor:huaweimodel:secospace usg6600scope:eqversion:v100r001c30spc800

Trust: 2.4

sources: JVNDB: JVNDB-2017-010803 // CNNVD: CNNVD-201708-149 // NVD: CVE-2017-8174

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8174
value: HIGH

Trust: 1.0

NVD: CVE-2017-8174
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201708-149
value: MEDIUM

Trust: 0.6

VULHUB: VHN-116377
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-8174
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-116377
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8174
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-116377 // JVNDB: JVNDB-2017-010803 // CNNVD: CNNVD-201708-149 // NVD: CVE-2017-8174

PROBLEMTYPE DATA

problemtype:CWE-326

Trust: 1.9

sources: VULHUB: VHN-116377 // JVNDB: JVNDB-2017-010803 // NVD: CVE-2017-8174

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-149

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201708-149

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010803

PATCH
title:huawei-sa-20170802-01-usgurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-01-usg-en
Trust: 0.8
title:Huawei USG6300  and USG6600 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74821
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-010803 // 
            
            
            
            CNNVD: CNNVD-201708-149

EXTERNAL IDS
db:NVDid:CVE-2017-8174
Trust: 2.5
db:JVNDBid:JVNDB-2017-010803
Trust: 0.8
db:CNNVDid:CNNVD-201708-149
Trust: 0.7
db:VULHUBid:VHN-116377
Trust: 0.1
sources:
            
            
            VULHUB: VHN-116377 // 
            
            
            
            JVNDB: JVNDB-2017-010803 // 
            
            
            
            CNNVD: CNNVD-201708-149 // 
            
            
            
            NVD: CVE-2017-8174

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-01-usg-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8174
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-8174
Trust: 0.8
sources:
            
            
            VULHUB: VHN-116377 // 
            
            
            
            JVNDB: JVNDB-2017-010803 // 
            
            
            
            CNNVD: CNNVD-201708-149 // 
            
            
            
            NVD: CVE-2017-8174

CREDITS
Huawei
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201708-149

SOURCES
db:VULHUBid:VHN-116377
db:JVNDBid:JVNDB-2017-010803
db:CNNVDid:CNNVD-201708-149
db:NVDid:CVE-2017-8174

LAST UPDATE DATE
2024-11-23T21:40:09.598000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-116377date:2017-12-12T00:00:00
db:JVNDBid:JVNDB-2017-010803date:2017-12-25T00:00:00
db:CNNVDid:CNNVD-201708-149date:2017-09-21T00:00:00
db:NVDid:CVE-2017-8174date:2024-11-21T03:33:28.253

SOURCES RELEASE DATE
db:VULHUBid:VHN-116377date:2017-11-22T00:00:00
db:JVNDBid:JVNDB-2017-010803date:2017-12-25T00:00:00
db:CNNVDid:CNNVD-201708-149date:2017-08-02T00:00:00
db:NVDid:CVE-2017-8174date:2017-11-22T19:29:04.130