CVE-2017-8174

Published Nov 22, 2017

Last updated 7 years ago

CVSS high 7.5

Overview

Description: Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on the transmission links.
Source: psirt@huawei.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-326

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c30spc300:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DAFA27DF-1E1A-4BD3-B8AB-44380DC96914"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C281B511-7A27-4FC6-9427-AE5AD7C302F3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c30spc500:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD690C0B-5478-4198-B439-65A3BCD715D0"
          },
          {
            "criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c30spc600:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FC8712D-57B8-4840-9A64-52D0C2C947D4"
          },
          {
            "criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c30spc700:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BCF27A0E-D1EA-40F0-8105-7F2AC934D170"
          },
          {
            "criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c30spc800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E8FAC44-6E1C-4345-BDE9-1BF138D079AF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BE469876-F873-4705-9760-097AE840A818"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References