Sign-up

ID

VAR-201803-1043


CVE

CVE-2017-17167


TITLE

plural Huawei Vulnerability in using cryptographic algorithms in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-012811

DESCRIPTION

Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information. Huawei DP300, TP3206, and ViewPoint 9030 are products of China Huawei. The DP300 is a video conferencing terminal. The TP3206 is a panoramic video conferencing solution. The ViewPoint 9030 is a multipoint control unit for video conferencing systems. The vulnerability stems from the fact that devices support the use of weak encryption algorithm sets in SSL connections. Multiple Huawei Products are prone to an information-disclosure vulnerability. There are security vulnerabilities in Huawei DP300, TP3206, and ViewPoint 9030

Trust: 2.52

sources: NVD: CVE-2017-17167 // JVNDB: JVNDB-2017-012811 // CNVD: CNVD-2017-37843 // BID: 103513 // VULHUB: VHN-108162

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-37843

AFFECTED PRODUCTS

vendor:huaweimodel:dp300scope:eqversion:v500r002c00

Trust: 2.4

vendor:huaweimodel:tp3206scope:eqversion:v100r002c00

Trust: 2.4

vendor:huaweimodel:viewpoint 9030scope:eqversion:v100r011c02

Trust: 2.4

vendor:huaweimodel:viewpoint 9030scope:eqversion:v100r011c03

Trust: 2.4

vendor:huaweimodel:dp300 v500r002c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:viewpoint v100r011c03scope:eqversion:9030

Trust: 0.9

vendor:huaweimodel:viewpoint v100r011c02scope:eqversion:9030

Trust: 0.9

vendor:huaweimodel:tp3206 v100r002c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:viewpoint v100r011c03spc800scope:neversion:9030

Trust: 0.3

vendor:huaweimodel:tp3206 v100r002c00spc800scope:neversion: -

Trust: 0.3

vendor:huaweimodel:dp300 v500r002c00spcb00scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2017-37843 // BID: 103513 // JVNDB: JVNDB-2017-012811 // CNNVD: CNNVD-201712-668 // NVD: CVE-2017-17167

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17167
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17167
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-37843
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201712-668
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108162
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17167
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-37843
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108162
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17167
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-37843 // VULHUB: VHN-108162 // JVNDB: JVNDB-2017-012811 // CNNVD: CNNVD-201712-668 // NVD: CVE-2017-17167

PROBLEMTYPE DATA

problemtype:CWE-327

Trust: 1.9

sources: VULHUB: VHN-108162 // JVNDB: JVNDB-2017-012811 // NVD: CVE-2017-17167

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-668

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201712-668

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012811

PATCH
title:huawei-sa-20171215-01-sslurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en
Trust: 0.8
title:Patch for HuaweiDP300, TP3206, and ViewPoint9030 weak encryption algorithm vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/111429
Trust: 0.6
title:Huawei DP300 , TP3206  and ViewPoint 9030 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77206
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-37843 // 
            
            
            
            JVNDB: JVNDB-2017-012811 // 
            
            
            
            CNNVD: CNNVD-201712-668

EXTERNAL IDS
db:NVDid:CVE-2017-17167
Trust: 3.4
db:BIDid:103513
Trust: 1.4
db:JVNDBid:JVNDB-2017-012811
Trust: 0.8
db:CNNVDid:CNNVD-201712-668
Trust: 0.7
db:CNVDid:CNVD-2017-37843
Trust: 0.6
db:VULHUBid:VHN-108162
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-37843 // 
            
            
            
            VULHUB: VHN-108162 // 
            
            
            
            BID: 103513 // 
            
            
            
            JVNDB: JVNDB-2017-012811 // 
            
            
            
            CNNVD: CNNVD-201712-668 // 
            
            
            
            NVD: CVE-2017-17167

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en
Trust: 2.0
url:http://www.securityfocus.com/bid/103513
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17167
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17167
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171215-01-ssl-cn
Trust: 0.6
url:http://www.huawei.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-37843 // 
            
            
            
            VULHUB: VHN-108162 // 
            
            
            
            BID: 103513 // 
            
            
            
            JVNDB: JVNDB-2017-012811 // 
            
            
            
            CNNVD: CNNVD-201712-668 // 
            
            
            
            NVD: CVE-2017-17167

CREDITS
Huawei internal tester
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201712-668

SOURCES
db:CNVDid:CNVD-2017-37843
db:VULHUBid:VHN-108162
db:BIDid:103513
db:JVNDBid:JVNDB-2017-012811
db:CNNVDid:CNNVD-201712-668
db:NVDid:CVE-2017-17167

LAST UPDATE DATE
2024-11-23T23:02:12.091000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-37843date:2017-12-22T00:00:00
db:VULHUBid:VHN-108162date:2018-03-29T00:00:00
db:BIDid:103513date:2018-12-15T00:00:00
db:JVNDBid:JVNDB-2017-012811date:2018-04-19T00:00:00
db:CNNVDid:CNNVD-201712-668date:2017-12-21T00:00:00
db:NVDid:CVE-2017-17167date:2024-11-21T03:17:37.940

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-37843date:2017-12-22T00:00:00
db:VULHUBid:VHN-108162date:2018-03-09T00:00:00
db:BIDid:103513date:2018-12-15T00:00:00
db:JVNDBid:JVNDB-2017-012811date:2018-04-19T00:00:00
db:CNNVDid:CNNVD-201712-668date:2017-12-21T00:00:00
db:NVDid:CVE-2017-17167date:2018-03-09T17:29:00.643