Sign-up

ID

VAR-201802-0540


CVE

CVE-2017-15341


TITLE

plural Huawei Certificate validation vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-012318

DESCRIPTION

Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability. The software decodes X.509 certificate in an improper way. A remote unauthenticated attacker could send a crafted X.509 certificate to the device. Successful exploit could result in a denial of service on the device. plural Huawei The product contains a certificate validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei AR3200 is a new generation network product launched by China's Huawei company. HuaweiTE40/50/60 is a high-definition video conferencing terminal that supports 1080p60. The Huawei AR3200 and others are all products of China's Huawei (Huawei). The Huawei AR3200 is an AR3200 series enterprise router. The vulnerability is caused by the fact that the program does not have the correct encrypted X.509 certificate. The following products and versions are affected: Huawei AR3200 V200R008C20, V200R008C30; TE40 V600R006C00; TE50 V600R006C00; TE60 V600R006C00

Trust: 2.25

sources: NVD: CVE-2017-15341 // JVNDB: JVNDB-2017-012318 // CNVD: CNVD-2017-35588 // VULHUB: VHN-106154

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-35588

AFFECTED PRODUCTS

vendor:huaweimodel:te40scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:ar3200scope:eqversion:v200r008c30

Trust: 1.6

vendor:huaweimodel:te50scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:ar3200scope:eqversion:v200r008c20

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:ar3200scope: - version: -

Trust: 0.8

vendor:huaweimodel:te40scope: - version: -

Trust: 0.8

vendor:huaweimodel:te50scope: - version: -

Trust: 0.8

vendor:huaweimodel:te60scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar3200 v200r008c20scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar3200 v200r008c30scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-35588 // JVNDB: JVNDB-2017-012318 // CNNVD: CNNVD-201711-1150 // NVD: CVE-2017-15341

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-15341
value: HIGH

Trust: 1.0

NVD: CVE-2017-15341
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-35588
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-1150
value: MEDIUM

Trust: 0.6

VULHUB: VHN-106154
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-15341
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-35588
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-106154
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-15341
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-35588 // VULHUB: VHN-106154 // JVNDB: JVNDB-2017-012318 // CNNVD: CNNVD-201711-1150 // NVD: CVE-2017-15341

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.9

sources: VULHUB: VHN-106154 // JVNDB: JVNDB-2017-012318 // NVD: CVE-2017-15341

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-1150

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201711-1150

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012318

PATCH
title:huawei-sa-20171129-01-certurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-cert-en
Trust: 0.8
title:Patches for various Huawei Product Denial of Service Vulnerabilities (CNVD-2017-35588)url:https://www.cnvd.org.cn/patchInfo/show/107305
Trust: 0.6
title:Multiple Huawei Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76805
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-35588 // 
            
            
            
            JVNDB: JVNDB-2017-012318 // 
            
            
            
            CNNVD: CNNVD-201711-1150

EXTERNAL IDS
db:NVDid:CVE-2017-15341
Trust: 3.1
db:JVNDBid:JVNDB-2017-012318
Trust: 0.8
db:CNNVDid:CNNVD-201711-1150
Trust: 0.7
db:CNVDid:CNVD-2017-35588
Trust: 0.6
db:VULHUBid:VHN-106154
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-35588 // 
            
            
            
            VULHUB: VHN-106154 // 
            
            
            
            JVNDB: JVNDB-2017-012318 // 
            
            
            
            CNNVD: CNNVD-201711-1150 // 
            
            
            
            NVD: CVE-2017-15341

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-cert-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15341
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-15341
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171129-01-cert-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-35588 // 
            
            
            
            VULHUB: VHN-106154 // 
            
            
            
            JVNDB: JVNDB-2017-012318 // 
            
            
            
            CNNVD: CNNVD-201711-1150 // 
            
            
            
            NVD: CVE-2017-15341

CREDITS
Huawei internal tester
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201711-1150

SOURCES
db:CNVDid:CNVD-2017-35588
db:VULHUBid:VHN-106154
db:JVNDBid:JVNDB-2017-012318
db:CNNVDid:CNNVD-201711-1150
db:NVDid:CVE-2017-15341

LAST UPDATE DATE
2024-11-23T22:41:58.632000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-35588date:2017-11-30T00:00:00
db:VULHUBid:VHN-106154date:2018-02-22T00:00:00
db:JVNDBid:JVNDB-2017-012318date:2018-03-07T00:00:00
db:CNNVDid:CNNVD-201711-1150date:2017-11-30T00:00:00
db:NVDid:CVE-2017-15341date:2024-11-21T03:14:30.187

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-35588date:2017-12-01T00:00:00
db:VULHUBid:VHN-106154date:2018-02-15T00:00:00
db:JVNDBid:JVNDB-2017-012318date:2018-03-07T00:00:00
db:CNNVDid:CNNVD-201711-1150date:2017-11-30T00:00:00
db:NVDid:CVE-2017-15341date:2018-02-15T16:29:00.830