CVE-2017-17305

5.9MEDIUM

Key Information

Vendor: McAfee
Status: Usg2205bsr; Usg2220bsr; Usg5120bsr; Usg5150bsr
Vendor: CVE Published:; 21 August 2018

Summary

Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbacher RSA padding oracle. Cause a Bleichenbacher oracle attack. Successful exploit this vulnerability can impact IPSec tunnel security.

Affected Version(s)

USG2205BSR; USG2220BSR; USG5120BSR; USG5150BSR = USG2205BSR V300R001C10SPC600

USG2205BSR; USG2220BSR; USG5120BSR; USG5150BSR = USG2220BSR V300R001C00

USG2205BSR; USG2220BSR; USG5120BSR; USG5150BSR = USG5120BSR V300R001C00

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 21, 2018
Vulnerability Reserved
Dec 4, 2017

Collectors

NVD DatabaseMitre Database