CVE-2017-8174 - OpenCVE

Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on the transmission links.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	Secospace Usg6600 Firmware Secospace Usg6300 Firmware Secospace Usg6600 Secospace Usg6300

Configuration 1 [-]

AND

cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c30spc300:*:*:*:*:*:*:*

cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c30spc500:::::::*
	cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c30spc600:::::::*
	cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c30spc700:::::::*
	cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c30spc800:::::::*

cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-01-usg-en	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2017-11-15T00:00:00

Updated: 2017-11-22T18:57:01

Reserved: 2017-04-25T00:00:00

Link: CVE-2017-8174

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-11-22T19:29:04.130

Modified: 2017-12-12T18:08:03.233

Link: CVE-2017-8174

JSON object: View

Redhat Information

No data.

CWE

CWE-326

{"containers": {"cna": {"affected": [{"product": "Secospace USG6300,Secospace USG6600", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "V100R001C30SPC300,V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800"}]}], "datePublic": "2017-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on the transmission links."}], "problemTypes": [{"descriptions": [{"description": "Weak Algorithm", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-22T18:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-01-usg-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "DATE_PUBLIC": "2017-11-15T00:00:00", "ID": "CVE-2017-8174", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Secospace USG6300,Secospace USG6600", "version": {"version_data": [{"version_value": "V100R001C30SPC300,V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on the transmission links."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Weak Algorithm"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-01-usg-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-01-usg-en"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-8174", "datePublished": "2017-11-15T00:00:00", "dateReserved": "2017-04-25T00:00:00", "dateUpdated": "2017-11-22T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c30spc300:*:*:*:*:*:*:*", "matchCriteriaId": "DAFA27DF-1E1A-4BD3-B8AB-44380DC96914", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*", "matchCriteriaId": "C281B511-7A27-4FC6-9427-AE5AD7C302F3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c30spc500:*:*:*:*:*:*:*", "matchCriteriaId": "BD690C0B-5478-4198-B439-65A3BCD715D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c30spc600:*:*:*:*:*:*:*", "matchCriteriaId": "0FC8712D-57B8-4840-9A64-52D0C2C947D4", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c30spc700:*:*:*:*:*:*:*", "matchCriteriaId": "BCF27A0E-D1EA-40F0-8105-7F2AC934D170", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c30spc800:*:*:*:*:*:*:*", "matchCriteriaId": "8E8FAC44-6E1C-4345-BDE9-1BF138D079AF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE469876-F873-4705-9760-097AE840A818", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on the transmission links."}, {"lang": "es", "value": "Huawei USG6300 V100R001C30SPC300 y USG6600 con versiones de software V100R001C30SPC500, V100R001C30SPC600, V100R001C30SPC700 y ,V100R001C30SPC800 tiene una vulnerabilidad de algoritmo d\u00e9bil. Los atacantes podr\u00edan explotar esta vulnerabilidad de algoritmo d\u00e9bil para descifrar el texto cifrado y provocar fugas de informaci\u00f3n confidencial en los enlaces de transmisi\u00f3n."}], "id": "CVE-2017-8174", "lastModified": "2017-12-12T18:08:03.233", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-22T19:29:04.130", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-01-usg-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "nvd@nist.gov", "type": "Primary"}]}