Denial of Service Vulnerability in Huawei's PEM Module
CVE-2017-17138

5.5MEDIUM

Key Information:

Vendor
McAfee
Status
Dp300; Ips Module; Ngfw Module; Nip6300; Nip6600; Rp200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace Usg6300; Secospace Usg6500; Secospace Usg6600; Te30; Te40; Te50; Te60; Tp3106; Tp3206; Usg9500; VieWPoint 9030
Vendor
CVE Published:
5 March 2018

Summary

The PEM module of various Huawei products is prone to a Denial of Service vulnerability caused by insufficient verification of certificates. An authenticated local attacker could exploit this flaw by providing a maliciously crafted certificate, leading to a processing deadlock and rendering the service unavailable. This vulnerability highlights the necessity for robust verification mechanisms to safeguard against potential disruptions caused by unauthorized access.

Affected Version(s)

DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030 DP300 V500R002C00

DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030 IPS Module V500R001C00

DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030 V500R001C30

References

http://www.huawei.com/en/psirt/security-advisories/huawei...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.