Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2017-17301

Disclosure Date: February 15, 2018 •

CVE-2017-17301

Description

Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR160 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR2200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR2200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR3200 V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R005C32, V200R006C10, V200R007C00, V200R008C20, CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 5800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 6800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 7800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, DP300 V500R002C00, SMC2.0 V100R003C10, V100R005C00, V500R002C00, SRG1300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG2300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG3300 V200R005C32, V200R006C10, V200R007C00, V200R008C20, TE30 V100R001C10, TE60 V100R003C00, V500R002C00, VP9660 V200R001C02, V200R001C30, V500R002C00, ViewPoint 8660 V100R008C02, V100R008C03, eSpace IAD V300R002C01, eSpace U1981 V200R003C20, V200R003C30, eSpace USM V100R001C01, V300R001C00 have a weak cryptography vulnerability. Due to not properly some values in the certificates, an unauthenticated remote attacker could forges a specific RSA certificate and exploits the vulnerability to pass identity authentication and logs into the target device to obtain permissions configured for the specific user name.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

Vulnerable Versions

AR120-S,AR1200,AR1200-S,AR150,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR3600,AR510,CloudEngine 12800,CloudEngine 5800,CloudEngine 6800,CloudEngine 7800,DP300,SMC2.0,SRG1300,SRG2300,SRG3300,TE30,TE60,VP9660,ViewPoint 8660,eSpace IAD,eSpace U1981,eSpace USM AR120-SV200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR1200-SV200R005C32, V200R006C10, V200R007C00, V200R008C20, AR150V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR160V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR200V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR200-SV200R005C32, V200R006C10, V200R007C00, V200R008C20, AR2200V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR2200-SV200R005C32, V200R006C10, V200R007C00, V200R008C20, AR3200V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510V200R005C32, V200R006C10, V200R007C00, V200R008C20, CloudEngine 12800V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 5800V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 6800V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 7800V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, DP300V500R002C00, SMC2.0V100R003C10, V100R005C00, V500R002C00, SRG1300V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG2300V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG3300V200R005C32, V200R006C10, V200R007C00, V200R008C20, TE30V100R001C10, TE60V100R003C00, V500R002C00, VP9660V200R001C02, V200R001C30, V500R002C00, ViewPoint 8660V100R008C02, V100R008C03, eSpace IADV300R002C01, eSpace U1981V200R003C20, V200R003C30, eSpace USMV100R001C01, V300R001C00

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

huawei

Products

References

Canonical

CVE-2017-17301 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17301)

Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171222-01-cryptography-en

Rapid7

Unknown

CVE-2017-17301

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2017-17301

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Unknown

CVE-2017-17301

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2017-17301

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Quick Cookie Notification