Weak Cryptography Vulnerability in Huawei Network Devices
CVE-2017-17301
Summary
Multiple Huawei network devices are affected by a weak cryptography vulnerability due to improper handling of values in certificates. This flaw allows unauthenticated remote attackers to forge specific RSA certificates. Successful exploitation enables the attackers to bypass identity authentication and gain access to the target device, potentially obtaining permissions linked to a specific user account. Security measures should be taken to mitigate this risk and ensure protected access to network management features.
Affected Version(s)
AR120-S,AR1200,AR1200-S,AR150,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR3600,AR510,CloudEngine 12800,CloudEngine 5800,CloudEngine 6800,CloudEngine 7800,DP300,SMC2.0,SRG1300,SRG2300,SRG3300,TE30,TE60,VP9660,ViewPoint 8660,eSpace IAD,eSpace U1981,eSpace USM AR120-SV200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR1200-SV200R005C32, V200R006C10, V200R007C00, V200R008C20, AR150V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR160V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR200V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR200-SV200R005C32, V200R006C10, V200R007C00, V200R008C20, AR2200V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR2200-SV200R005C32, V200R006C10, V200R007C00, V200R008C20, AR3200V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510V200R005C32, V200R006C10, V200R007C00, V200R008C20, CloudEngine 12800V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEn ...[truncated*]
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved