Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2017-17301
HistoryFeb 15, 2018 - 4:29 p.m.

CVE-2017-17301

2018-02-1516:29:03
CWE-295
[email protected]
web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.2%

JSON

Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR160 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR2200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR2200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR3200 V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R005C32, V200R006C10, V200R007C00, V200R008C20, CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 5800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 6800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 7800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, DP300 V500R002C00, SMC2.0 V100R003C10, V100R005C00, V500R002C00, SRG1300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG2300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG3300 V200R005C32, V200R006C10, V200R007C00, V200R008C20, TE30 V100R001C10, TE60 V100R003C00, V500R002C00, VP9660 V200R001C02, V200R001C30, V500R002C00, ViewPoint 8660 V100R008C02, V100R008C03, eSpace IAD V300R002C01, eSpace U1981 V200R003C20, V200R003C30, eSpace USM V100R001C01, V300R001C00 have a weak cryptography vulnerability. Due to not properly some values in the certificates, an unauthenticated remote attacker could forges a specific RSA certificate and exploits the vulnerability to pass identity authentication and logs into the target device to obtain permissions configured for the specific user name.

Affected configurations

NVD
Node
huaweiar120-s_firmwareMatchv200r005c32
OR
huaweiar120-s_firmwareMatchv200r006c10
OR
huaweiar120-s_firmwareMatchv200r007c00
OR
huaweiar120-s_firmwareMatchv200r008c20
AND
huaweiar120-sMatch-
Node
huaweiar1200_firmwareMatchv200r005c20
OR
huaweiar1200_firmwareMatchv200r005c32
OR
huaweiar1200_firmwareMatchv200r006c10
OR
huaweiar1200_firmwareMatchv200r007c00
OR
huaweiar1200_firmwareMatchv200r007c01
OR
huaweiar1200_firmwareMatchv200r007c02
OR
huaweiar1200_firmwareMatchv200r008c20
AND
huaweiar1200Match-
Node
huaweiar1200-s_firmwareMatchv200r005c32
OR
huaweiar1200-s_firmwareMatchv200r006c10
OR
huaweiar1200-s_firmwareMatchv200r007c00
OR
huaweiar1200-s_firmwareMatchv200r008c20
AND
huaweiar1200-sMatch-
Node
huaweiar150_firmwareMatchv200r006c10
OR
huaweiar150_firmwareMatchv200r007c00
OR
huaweiar150_firmwareMatchv200r007c01
OR
huaweiar150_firmwareMatchv200r007c02
OR
huaweiar150_firmwareMatchv200r008c20
AND
huaweiar150Match-
Node
huaweiar160_firmwareMatchv200r005c32
OR
huaweiar160_firmwareMatchv200r006c10
OR
huaweiar160_firmwareMatchv200r007c00
OR
huaweiar160_firmwareMatchv200r007c01
OR
huaweiar160_firmwareMatchv200r007c02
OR
huaweiar160_firmwareMatchv200r008c20
AND
huaweiar160Match-
Node
huaweiar200_firmwareMatchv200r005c32
OR
huaweiar200_firmwareMatchv200r006c10
OR
huaweiar200_firmwareMatchv200r007c00
OR
huaweiar200_firmwareMatchv200r007c01
OR
huaweiar200_firmwareMatchv200r008c20
AND
huaweiar200Match-
Node
huaweiar200-s_firmwareMatchv200r005c32
OR
huaweiar200-s_firmwareMatchv200r006c10
OR
huaweiar200-s_firmwareMatchv200r007c00
OR
huaweiar200-s_firmwareMatchv200r007c01
OR
huaweiar200-s_firmwareMatchv200r008c20
AND
huaweiar200-sMatch-
Node
huaweiar2200_firmwareMatchv200r005c20
OR
huaweiar2200_firmwareMatchv200r005c32
OR
huaweiar2200_firmwareMatchv200r006c10
OR
huaweiar2200_firmwareMatchv200r007c00
OR
huaweiar2200_firmwareMatchv200r007c01
OR
huaweiar2200_firmwareMatchv200r007c02
OR
huaweiar2200_firmwareMatchv200r008c20
AND
huaweiar2200Match-
Node
huaweiar2200-s_firmwareMatchv200r005c32
OR
huaweiar2200-s_firmwareMatchv200r006c10
OR
huaweiar2200-s_firmwareMatchv200r007c00
OR
huaweiar2200-s_firmwareMatchv200r008c20
AND
huaweiar2200-sMatch-
Node
huaweiar3200_firmwareMatchv200r005c32
OR
huaweiar3200_firmwareMatchv200r006c10
OR
huaweiar3200_firmwareMatchv200r006c11
OR
huaweiar3200_firmwareMatchv200r007c00
OR
huaweiar3200_firmwareMatchv200r007c01
OR
huaweiar3200_firmwareMatchv200r007c02
OR
huaweiar3200_firmwareMatchv200r008c00
OR
huaweiar3200_firmwareMatchv200r008c10
OR
huaweiar3200_firmwareMatchv200r008c20
OR
huaweiar3200_firmwareMatchv200r008c30
AND
huaweiar3200Match-
Node
huaweiar3600_firmwareMatchv200r006c10
OR
huaweiar3600_firmwareMatchv200r007c00
OR
huaweiar3600_firmwareMatchv200r007c01
OR
huaweiar3600_firmwareMatchv200r008c20
AND
huaweiar3600Match-
Node
huaweiar510_firmwareMatchv200r005c32
OR
huaweiar510_firmwareMatchv200r006c10
OR
huaweiar510_firmwareMatchv200r007c00
OR
huaweiar510_firmwareMatchv200r008c20
AND
huaweiar510Match-
Node
huaweicloudengine_12800_firmwareMatchv100r003c00
OR
huaweicloudengine_12800_firmwareMatchv100r003c10
OR
huaweicloudengine_12800_firmwareMatchv100r005c00
OR
huaweicloudengine_12800_firmwareMatchv100r005c10
OR
huaweicloudengine_12800_firmwareMatchv100r006c00
OR
huaweicloudengine_12800_firmwareMatchv200r001c00
AND
huaweicloudengine_12800Match-
Node
huaweicloudengine_5800_firmwareMatchv100r003c00
OR
huaweicloudengine_5800_firmwareMatchv100r003c10
OR
huaweicloudengine_5800_firmwareMatchv100r005c00
OR
huaweicloudengine_5800_firmwareMatchv100r005c10
OR
huaweicloudengine_5800_firmwareMatchv100r006c00
OR
huaweicloudengine_5800_firmwareMatchv200r001c00
AND
huaweicloudengine_5800Match-
Node
huaweicloudengine_6800_firmwareMatchv100r003c00
OR
huaweicloudengine_6800_firmwareMatchv100r003c10
OR
huaweicloudengine_6800_firmwareMatchv100r005c00
OR
huaweicloudengine_6800_firmwareMatchv100r005c10
OR
huaweicloudengine_6800_firmwareMatchv100r006c00
OR
huaweicloudengine_6800_firmwareMatchv200r001c00
AND
huaweicloudengine_6800Match-
Node
huaweicloudengine_7800_firmwareMatchv100r003c00
OR
huaweicloudengine_7800_firmwareMatchv100r003c10
OR
huaweicloudengine_7800_firmwareMatchv100r005c00
OR
huaweicloudengine_7800_firmwareMatchv100r005c10
OR
huaweicloudengine_7800_firmwareMatchv100r006c00
OR
huaweicloudengine_7800_firmwareMatchv200r001c00
AND
huaweicloudengine_7800Match-
Node
huaweidp300_firmwareMatchv500r002c00
AND
huaweidp300Match-
Node
huaweismc2.0_firmwareMatchv100r003c10
OR
huaweismc2.0_firmwareMatchv100r005c00
OR
huaweismc2.0_firmwareMatchv500r002c00
AND
huaweismc2.0Match-
Node
huaweisrg1300_firmwareMatchv200r005c32
OR
huaweisrg1300_firmwareMatchv200r006c10
OR
huaweisrg1300_firmwareMatchv200r007c00
OR
huaweisrg1300_firmwareMatchv200r007c02
OR
huaweisrg1300_firmwareMatchv200r008c20
AND
huaweisrg1300Match-
Node
huaweisrg2300_firmwareMatchv200r005c32
OR
huaweisrg2300_firmwareMatchv200r006c10
OR
huaweisrg2300_firmwareMatchv200r007c00
OR
huaweisrg2300_firmwareMatchv200r007c02
OR
huaweisrg2300_firmwareMatchv200r008c20
AND
huaweisrg2300Match-
Node
huaweisrg3300_firmwareMatchv200r005c32
OR
huaweisrg3300_firmwareMatchv200r006c10
OR
huaweisrg3300_firmwareMatchv200r007c00
OR
huaweisrg3300_firmwareMatchv200r008c20
AND
huaweisrg3300Match-
Node
huaweite30_firmwareMatchv100r001c10
AND
huaweite30Match-
Node
huaweite60_firmwareMatchv100r003c00
OR
huaweite60_firmwareMatchv500r002c00
AND
huaweite60Match-
Node
huaweivp9660_firmwareMatchv200r001c02
OR
huaweivp9660_firmwareMatchv200r001c30
OR
huaweivp9660_firmwareMatchv500r002c00
AND
huaweivp9660Match-
Node
huaweiviewpoint_8660_firmwareMatchv100r008c02
OR
huaweiviewpoint_8660_firmwareMatchv100r008c03
AND
huaweiviewpoint_8660Match-
Node
huaweiespace_iad_firmwareMatchv300r002c01
AND
huaweiespace_iadMatch-
Node
huaweiespace_u1981_firmwareMatchv200r003c20
OR
huaweiespace_u1981_firmwareMatchv200r003c30
AND
huaweiespace_u1981Match-
Node
huaweiespace_usm_firmwareMatchv100r001c01
OR
huaweiespace_usm_firmwareMatchv300r001c00
AND
huaweiespace_usmMatch-

Related

cvelist 1
openvas 1
prion 1
cve 1
huawei 1
cvelist
cvelist
CVE-2017-17301
2018-02-15 16:00:00
openvas
openvas
Huawei Data Communication: Weak Cryptography Vulnerability in Some Huawei Products (huawei-sa-20171222-01-cryptography)
2020-05-27 00:00:00
prion
prion
Design/Logic Flaw
2018-02-15 16:29:00
cve
cve
CVE-2017-17301
2018-02-15 16:29:03
huawei
huawei
Security Advisory - Weak Cryptography Vulnerability in Some Huawei Products
2017-12-22 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.2%

JSON
Related for NVD:CVE-2017-17301
cvelist1openvas1prion1cve1huawei1