Lucene search

Huawei TechnologiesHUAWEI-SA-20171222-01-CRYPTOGRAPHY

HistoryDec 22, 2017 - 12:00 a.m.

Security Advisory - Weak Cryptography Vulnerability in Some Huawei Products

2017-12-2200:00:00

Huawei Technologies

www.huawei.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

72.3%

JSON

Some Huawei products have a weak cryptography vulnerability. Due to not properly some values in the certificates, an unauthenticated remote attacker could forges a specific RSA certificate and exploits the vulnerability to pass identity authentication and logs into the target device to obtain permissions configured for the specific user name. (Vulnerability ID: HWPSIRT-2016-09014) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-17301.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171222-01-cryptography-en

Affected configurations

Vulners

Node

huaweiar120Matchv200r005c32

huaweiar120Matchv200r006c10

huaweiar120Matchv200r007c00

huaweiar120Matchv200r008c20

huaweiar1200Matchv200r005c20

huaweiar1200Matchv200r005c32

huaweiar1200Matchv200r006c10

huaweiar1200Matchv200r007c00

huaweiar1200Matchv200r007c01

huaweiar1200Matchv200r007c02

huaweiar1200Matchv200r008c20

huaweiar1200Matchv200r005c32

huaweiar1200Matchv200r006c10

huaweiar1200Matchv200r007c00

huaweiar1200Matchv200r008c20

huaweiar150Matchv200r006c10

huaweiar150Matchv200r007c00

huaweiar150Matchv200r007c01

huaweiar150Matchv200r007c02

huaweiar150Matchv200r008c20

huaweiar160Matchv200r005c32

huaweiar160Matchv200r006c10

huaweiar160Matchv200r007c00

huaweiar160Matchv200r007c01

huaweiar160Matchv200r007c02

huaweiar160Matchv200r008c20

huaweiar200Matchv200r005c32

huaweiar200Matchv200r006c10

huaweiar200Matchv200r007c00

huaweiar200Matchv200r007c01

huaweiar200Matchv200r008c20

huaweiar200Matchv200r005c32

huaweiar200Matchv200r006c10

huaweiar200Matchv200r007c00

huaweiar200Matchv200r008c20

huaweiar2200Matchv200r005c20

huaweiar2200Matchv200r005c32

huaweiar2200Matchv200r006c10

huaweiar2200Matchv200r007c00

huaweiar2200Matchv200r007c01

huaweiar2200Matchv200r007c02

huaweiar2200Matchv200r008c20

huaweiar2200Matchv200r005c32

huaweiar2200Matchv200r006c10

huaweiar2200Matchv200r007c00

huaweiar2200Matchv200r008c20

huaweiar3200Matchv200r005c32

huaweiar3200Matchv200r006c10

huaweiar3200Matchv200r006c11

huaweiar3200Matchv200r007c00

huaweiar3200Matchv200r007c01

huaweiar3200Matchv200r007c02

huaweiar3200Matchv200r008c00

huaweiar3200Matchv200r008c10

huaweiar3200Matchv200r008c20

huaweiar3200Matchv200r008c30

huaweiar3600Matchv200r006c10

huaweiar3600Matchv200r007c00

huaweiar3600Matchv200r007c01

huaweiar3600Matchv200r008c20

huaweiar510Matchv200r005c32

huaweiar510Matchv200r006c10

huaweiar510Matchv200r007c00

huaweiar510Matchv200r008c20

huaweicloudengine_1800vMatchv100r003c00

huaweicloudengine_1800vMatchv100r003c10

huaweicloudengine_1800vMatchv100r005c00

huaweicloudengine_1800vMatchv100r005c10

huaweicloudengine_1800vMatchv100r006c00

huaweicloudengine_1800vMatchv200r001c00

huaweicloudengine_5800Matchv100r003c00

huaweicloudengine_5800Matchv100r003c10

huaweicloudengine_5800Matchv100r005c00

huaweicloudengine_5800Matchv100r005c10

huaweicloudengine_5800Matchv100r006c00

huaweicloudengine_5800Matchv200r001c00

huawei6800Matchv100r003c00

huawei6800Matchv100r003c10

huawei6800Matchv100r005c00

huawei6800Matchv100r005c10

huawei6800Matchv100r006c00

huawei6800Matchv200r001c00

huaweicloudengine_1800vMatchv100r003c00

huaweicloudengine_1800vMatchv100r003c10

huaweicloudengine_1800vMatchv100r005c00

huaweicloudengine_1800vMatchv100r005c10

huaweicloudengine_1800vMatchv100r006c00

huaweicloudengine_1800vMatchv200r001c00

huaweidp300Matchv500r002c00

huaweismc2.0Matchv100r003c10

huaweismc2.0Matchv100r005c00

huaweismc2.0Matchv500r002c00

huaweisrg1300Matchv200r005c32

huaweisrg1300Matchv200r006c10

huaweisrg1300Matchv200r007c00

huaweisrg1300Matchv200r007c02

huaweisrg1300Matchv200r008c20

huaweisrg2300Matchv200r005c32

huaweisrg2300Matchv200r006c10

huaweisrg2300Matchv200r007c00

huaweisrg2300Matchv200r007c02

huaweisrg2300Matchv200r008c20

huaweisrg3300Matchv200r005c32

huaweisrg3300Matchv200r006c10

huaweisrg3300Matchv200r007c00

huaweisrg3300Matchv200r008c20

huaweite30Matchv100r001c10

huaweite60Matchv100r003c00

huaweite60Matchv500r002c00

huaweivp9660Matchv200r001c02

huaweivp9660Matchv200r001c30

huaweivp9660Matchv500r002c00

huaweiviewpoint_8660Matchv100r008c02

huaweiviewpoint_8660Matchv100r008c03

huaweiespace_desktopMatchv300r002c01

huaweiu1981Matchv200r003c20

huaweiu1981Matchv200r003c30

huaweiespace_desktopMatchv100r001c01

huaweiespace_desktopMatchv300r001c00

CPENameOperatorVersion
ar120-seqV200R005C32
ar120-seqV200R006C10
ar120-seqV200R007C00
ar120-seqV200R008C20
ar1200eqV200R005C20
ar1200eqV200R005C32
ar1200eqV200R006C10
ar1200eqV200R007C00
ar1200eqV200R007C01
ar1200eqV200R007C02

Name	Operator	Version
ar120-s	eq	V200R005C32
ar120-s	eq	V200R006C10
ar120-s	eq	V200R007C00
ar120-s	eq	V200R008C20
ar1200	eq	V200R005C20
ar1200	eq	V200R005C32
ar1200	eq	V200R006C10
ar1200	eq	V200R007C00
ar1200	eq	V200R007C01
ar1200	eq	V200R007C02

Rows per page:

1-10 of 1191

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

72.3%

JSON

Related for HUAWEI-SA-20171222-01-CRYPTOGRAPHY