Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2017-17305
HistoryAug 21, 2018 - 1:29 p.m.

CVE-2017-17305

2018-08-2113:29:00
CWE-310
[email protected]
web.nvd.nist.gov
1

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.9%

JSON

Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbacher RSA padding oracle. Cause a Bleichenbacher oracle attack. Successful exploit this vulnerability can impact IPSec tunnel security.

Affected configurations

NVD
Node
huaweiusg2205bsr_firmwareMatchv300r001c10spc600
AND
huaweiusg2205bsrMatch-
Node
huaweiusg2220bsr_firmwareMatchv300r001c00
AND
huaweiusg2220bsrMatch-
Node
huaweiusg5120bsr_firmwareMatchv300r001c00
AND
huaweiusg5120bsrMatch-
Node
huaweiusg5150bsr_firmwareMatchv300r001c00
AND
huaweiusg5150bsrMatch-

Related

cvelist 1
prion 1
cve 1
huawei 1
openvas 1
threatpost 1
cvelist
cvelist
CVE-2017-17305
2018-08-21 13:00:00
prion
prion
Design/Logic Flaw
2018-08-21 13:29:00
cve
cve
CVE-2017-17305
2018-08-21 13:29:00
huawei
huawei
Security Advisory - Multiple Vulnerabilities in IPsec IKE of Huawei Firewall Products
2018-08-13 00:00:00
openvas
openvas
Huawei Data Communication: Multiple Vulnerabilities in IPsec IKE implementations of Huawei Firewall Products (huawei-sa-20180411-01-Bleichenbacher)
2020-05-26 00:00:00
threatpost
threatpost
Researchers Break IPsec VPN Connections with 20-Year-Old Protocol Flaw
2018-08-14 16:07:22

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.9%

JSON
Related for NVD:CVE-2017-17305
cvelist1prion1cve1huawei1openvas1threatpost1