Lucene search

K
cveHuaweiCVE-2017-17167
HistoryMar 09, 2018 - 5:29 p.m.

CVE-2017-17167

2018-03-0917:29:00
CWE-327
huawei
web.nvd.nist.gov
44
cve-2017-17167
huawei
dp300
tp3206
viewpoint 9030
v500r002c00
v100r002c00
v100r011c02
v100r011c03
ssl
cryptographic algorithm

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

61.7%

Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information.

Affected configurations

Nvd
Vulners
Node
huaweidp300_firmwareMatchv500r002c00
AND
huaweidp300Match-
Node
huaweitp3206_firmwareMatchv100r002c00
AND
huaweitp3206Match-
Node
huaweiviewpoint_9030_firmwareMatchv100r011c02
OR
huaweiviewpoint_9030_firmwareMatchv100r011c03
AND
huaweiviewpoint_9030Match-
VendorProductVersionCPE
huaweidp300_firmwarev500r002c00cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*
huaweidp300-cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*
huaweitp3206_firmwarev100r002c00cpe:2.3:o:huawei:tp3206_firmware:v100r002c00:*:*:*:*:*:*:*
huaweitp3206-cpe:2.3:h:huawei:tp3206:-:*:*:*:*:*:*:*
huaweiviewpoint_9030_firmwarev100r011c02cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c02:*:*:*:*:*:*:*
huaweiviewpoint_9030_firmwarev100r011c03cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c03:*:*:*:*:*:*:*
huaweiviewpoint_9030-cpe:2.3:h:huawei:viewpoint_9030:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "DP300; TP3206; ViewPoint 9030",
    "vendor": "Huawei Technologies Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "DP300 V500R002C00"
      },
      {
        "status": "affected",
        "version": "TP3206 V100R002C00"
      },
      {
        "status": "affected",
        "version": "ViewPoint 9030 V100R011C02"
      },
      {
        "status": "affected",
        "version": "V100R011C03"
      }
    ]
  }
]

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

61.7%

Related for CVE-2017-17167