Sign-up

ID

VAR-201808-0119


CVE

CVE-2017-17305


TITLE

plural Huawei Firewall Cryptographic vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-014182

DESCRIPTION

Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbacher RSA padding oracle. Cause a Bleichenbacher oracle attack. Successful exploit this vulnerability can impact IPSec tunnel security. plural Huawei Firewall The product contains cryptographic vulnerabilities.Information may be obtained. Huawei USG2205BSR etc. IPSEC IKEv1 is one of the Internet key exchange components. The following products and versions are affected: Huawei USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00

Trust: 1.71

sources: NVD: CVE-2017-17305 // JVNDB: JVNDB-2017-014182 // VULHUB: VHN-108314

AFFECTED PRODUCTS

vendor:huaweimodel:usg2205bsrscope:eqversion:v300r001c10spc600

Trust: 2.4

vendor:huaweimodel:usg2220bsrscope:eqversion:v300r001c00

Trust: 2.4

vendor:huaweimodel:usg5120bsrscope:eqversion:v300r001c00

Trust: 2.4

vendor:huaweimodel:usg5150bsrscope:eqversion:v300r001c00

Trust: 2.4

sources: JVNDB: JVNDB-2017-014182 // CNNVD: CNNVD-201808-497 // NVD: CVE-2017-17305

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17305
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17305
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201808-497
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108314
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17305
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-108314
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17305
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-108314 // JVNDB: JVNDB-2017-014182 // CNNVD: CNNVD-201808-497 // NVD: CVE-2017-17305

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-108314 // JVNDB: JVNDB-2017-014182 // NVD: CVE-2017-17305

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-497

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201808-497

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014182

PATCH
title:huawei-sa-20180813-01-Bleichenbacherurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180813-01-Bleichenbacher-en
Trust: 0.8
title:Multiple Huawei Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84115
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-014182 // 
            
            
            
            CNNVD: CNNVD-201808-497

EXTERNAL IDS
db:NVDid:CVE-2017-17305
Trust: 2.5
db:JVNDBid:JVNDB-2017-014182
Trust: 0.8
db:CNNVDid:CNNVD-201808-497
Trust: 0.7
db:VULHUBid:VHN-108314
Trust: 0.1
sources:
            
            
            VULHUB: VHN-108314 // 
            
            
            
            JVNDB: JVNDB-2017-014182 // 
            
            
            
            CNNVD: CNNVD-201808-497 // 
            
            
            
            NVD: CVE-2017-17305

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180813-01-bleichenbacher-en
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17305
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17305
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180813-01-bleichenbacher-cn
Trust: 0.6
sources:
            
            
            VULHUB: VHN-108314 // 
            
            
            
            JVNDB: JVNDB-2017-014182 // 
            
            
            
            CNNVD: CNNVD-201808-497 // 
            
            
            
            NVD: CVE-2017-17305

SOURCES
db:VULHUBid:VHN-108314
db:JVNDBid:JVNDB-2017-014182
db:CNNVDid:CNNVD-201808-497
db:NVDid:CVE-2017-17305

LAST UPDATE DATE
2024-11-23T22:06:39.463000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-108314date:2018-10-12T00:00:00
db:JVNDBid:JVNDB-2017-014182date:2018-11-07T00:00:00
db:CNNVDid:CNNVD-201808-497date:2018-08-17T00:00:00
db:NVDid:CVE-2017-17305date:2024-11-21T03:17:48.070

SOURCES RELEASE DATE
db:VULHUBid:VHN-108314date:2018-08-21T00:00:00
db:JVNDBid:JVNDB-2017-014182date:2018-11-07T00:00:00
db:CNNVDid:CNNVD-201808-497date:2018-08-17T00:00:00
db:NVDid:CVE-2017-17305date:2018-08-21T13:29:00.263