Sign-up

ID

VAR-201807-0255


CVE

CVE-2017-17174


TITLE

plural Huawei Cryptographic vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-014185

DESCRIPTION

Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients and the affected products. The attacker may launch the Bleichenbacher attack on RSA key exchange to decrypt the session key and the previously captured sessions by some cryptanalytic operations. Successful exploit may cause information leak. plural Huawei The product contains a cryptographic vulnerability.Information may be obtained. HuaweieSpaceU1981 and other products are all products of China Huawei. The eSpaceU1981 is a voice gateway product. The VP9660 is a multimedia switching platform. Huawei RSE6500 is a full HD video recorder. SoftCo is an IP voice integrated switch. There are security vulnerabilities in many Huawei products

Trust: 2.25

sources: NVD: CVE-2017-17174 // JVNDB: JVNDB-2017-014185 // CNVD: CNVD-2018-12785 // VULHUB: VHN-108170

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-12785

AFFECTED PRODUCTS

vendor:huaweimodel:espace u1981scope:eqversion:v200r003c20

Trust: 2.4

vendor:huaweimodel:espace u1981scope:eqversion:v200r003c30

Trust: 2.4

vendor:huaweimodel:espace u1981scope:eqversion:v200r003c50

Trust: 2.4

vendor:huaweimodel:rse6500scope:eqversion:v500r002c00

Trust: 2.4

vendor:huaweimodel:softcoscope:eqversion:v200r003c20spcb00

Trust: 2.4

vendor:huaweimodel:vp9660scope:eqversion:v600r006c10

Trust: 2.4

vendor:huaweimodel:espace u1981scope:eqversion:v200r001c20

Trust: 1.6

vendor:huaweimodel:espace u1981scope:eqversion:v100r001c20

Trust: 0.8

vendor:huaweimodel:espace u1981 v200r003c30scope: - version: -

Trust: 0.6

vendor:huaweimodel:espace u1981 v100r001c20scope: - version: -

Trust: 0.6

vendor:huaweimodel:rse6500 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:espace u1981 v200r003c20scope: - version: -

Trust: 0.6

vendor:huaweimodel:espace u1981 v200r003c50scope: - version: -

Trust: 0.6

vendor:huaweimodel:vp9660 v600r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:softco v200r003c20spcb00scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-12785 // JVNDB: JVNDB-2017-014185 // CNNVD: CNNVD-201712-931 // NVD: CVE-2017-17174

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17174
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17174
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-12785
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201712-931
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108170
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17174
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-12785
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108170
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17174
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-12785 // VULHUB: VHN-108170 // JVNDB: JVNDB-2017-014185 // CNNVD: CNNVD-201712-931 // NVD: CVE-2017-17174

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-108170 // JVNDB: JVNDB-2017-014185 // NVD: CVE-2017-17174

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-931

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201712-931

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014185

PATCH
title:huawei-sa-20180703-01-algorithmurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180703-01-algorithm-en
Trust: 0.8
title:Patches for multiple Huawei product weak algorithm vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/133911
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-12785 // 
            
            
            
            JVNDB: JVNDB-2017-014185

EXTERNAL IDS
db:NVDid:CVE-2017-17174
Trust: 3.1
db:JVNDBid:JVNDB-2017-014185
Trust: 0.8
db:CNNVDid:CNNVD-201712-931
Trust: 0.7
db:CNVDid:CNVD-2018-12785
Trust: 0.6
db:VULHUBid:VHN-108170
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-12785 // 
            
            
            
            VULHUB: VHN-108170 // 
            
            
            
            JVNDB: JVNDB-2017-014185 // 
            
            
            
            CNNVD: CNNVD-201712-931 // 
            
            
            
            NVD: CVE-2017-17174

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180703-01-algorithm-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17174
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17174
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180703-01-algorithm-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-12785 // 
            
            
            
            VULHUB: VHN-108170 // 
            
            
            
            JVNDB: JVNDB-2017-014185 // 
            
            
            
            CNNVD: CNNVD-201712-931 // 
            
            
            
            NVD: CVE-2017-17174

SOURCES
db:CNVDid:CNVD-2018-12785
db:VULHUBid:VHN-108170
db:JVNDBid:JVNDB-2017-014185
db:CNNVDid:CNNVD-201712-931
db:NVDid:CVE-2017-17174

LAST UPDATE DATE
2024-11-23T23:02:07.710000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-12785date:2018-07-10T00:00:00
db:VULHUBid:VHN-108170date:2018-10-12T00:00:00
db:JVNDBid:JVNDB-2017-014185date:2018-11-08T00:00:00
db:CNNVDid:CNNVD-201712-931date:2018-08-01T00:00:00
db:NVDid:CVE-2017-17174date:2024-11-21T03:17:38.853

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-12785date:2018-07-10T00:00:00
db:VULHUBid:VHN-108170date:2018-07-31T00:00:00
db:JVNDBid:JVNDB-2017-014185date:2018-11-08T00:00:00
db:CNNVDid:CNNVD-201712-931date:2017-12-26T00:00:00
db:NVDid:CVE-2017-17174date:2018-07-31T14:29:00.247