CRITICAL🇵🇱 Wersja polska

CVE-2017-17301

CVSS 9.8v3.0pub. 2018-02-15upd. 2024-11-21

Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR160 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR2200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR2200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR3200 V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R005C32, V200R006C10, V200R007C00, V200R008C20, CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 5800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 6800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 7800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, DP300 V500R002C00, SMC2.0 V100R003C10, V100R005C00, V500R002C00, SRG1300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG2300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG3300 V200R005C32, V200R006C10, V200R007C00, V200R008C20, TE30 V100R001C10, TE60 V100R003C00, V500R002C00, VP9660 V200R001C02, V200R001C30, V500R002C00, ViewPoint 8660 V100R008C02, V100R008C03, eSpace IAD V300R002C01, eSpace U1981 V200R003C20, V200R003C30, eSpace USM V100R001C01, V300R001C00 have a weak cryptography vulnerability. Due to not properly some values in the certificates, an unauthenticated remote attacker could forges a specific RSA certificate and exploits the vulnerability to pass identity authentication and logs into the target device to obtain permissions configured for the specific user name.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Huawei Ar1200

    HW
    Huawei
    wszystkie wersje
  • Huawei Ar1200 Firmware

    OS
    Huawei
    v200r005c20v200r005c32v200r006c10v200r007c00v200r007c01v200r007c02v200r008c20
  • Huawei Ar1200 S

    HW
    Huawei
    wszystkie wersje
  • Huawei Ar1200 S Firmware

    OS
    Huawei
    v200r005c32v200r006c10v200r007c00v200r008c20
  • Huawei Ar120 S

    HW
    Huawei
    wszystkie wersje
  • Huawei Ar120 S Firmware

    OS
    Huawei
    v200r005c32v200r006c10v200r007c00v200r008c20
  • Huawei Ar150

    HW
    Huawei
    wszystkie wersje
  • Huawei Ar150 Firmware

    OS
    Huawei
    v200r006c10v200r007c00v200r007c01v200r007c02v200r008c20
  • Huawei Ar160

    HW
    Huawei
    wszystkie wersje
  • Huawei Ar160 Firmware

    OS
    Huawei
    v200r005c32v200r006c10v200r007c00v200r007c01v200r007c02v200r008c20
  • Huawei Ar200

    HW
    Huawei
    wszystkie wersje
  • Huawei Ar200 Firmware

    OS
    Huawei
    v200r005c32v200r006c10v200r007c00v200r007c01v200r008c20
  • Huawei Ar200 S

    HW
    Huawei
    wszystkie wersje
  • Huawei Ar200 S Firmware

    OS
    Huawei
    v200r005c32v200r006c10v200r007c00v200r007c01v200r008c20
  • Huawei Ar2200

    HW
    Huawei
    wszystkie wersje
  • Huawei Ar2200 Firmware

    OS
    Huawei
    v200r005c20v200r005c32v200r006c10v200r007c00v200r007c01v200r007c02v200r008c20
  • Huawei Ar2200 S

    HW
    Huawei
    wszystkie wersje
  • Huawei Ar2200 S Firmware

    OS
    Huawei
    v200r005c32v200r006c10v200r007c00v200r008c20
  • Huawei Ar3200

    HW
    Huawei
    wszystkie wersje
  • Huawei Ar3200 Firmware

    OS
    Huawei
    v200r005c32v200r006c10v200r006c11v200r007c00v200r007c01v200r007c02v200r008c00v200r008c10v200r008c20v200r008c30
  • Huawei Ar3600

    HW
    Huawei
    wszystkie wersje
  • Huawei Ar3600 Firmware

    OS
    Huawei
    v200r006c10v200r007c00v200r007c01v200r008c20
  • Huawei Ar510

    HW
    Huawei
    wszystkie wersje
  • Huawei Ar510 Firmware

    OS
    Huawei
    v200r005c32v200r006c10v200r007c00v200r008c20
  • Huawei Cloudengine 12800

    HW
    Huawei
    wszystkie wersje
  • Huawei Cloudengine 12800 Firmware

    OS
    Huawei
    v100r003c00v100r003c10v100r005c00v100r005c10v100r006c00v200r001c00
  • Huawei Cloudengine 5800

    HW
    Huawei
    wszystkie wersje
  • Huawei Cloudengine 5800 Firmware

    OS
    Huawei
    v100r003c00v100r003c10v100r005c00v100r005c10v100r006c00v200r001c00
  • Huawei Cloudengine 6800

    HW
    Huawei
    wszystkie wersje
  • Huawei Cloudengine 6800 Firmware

    OS
    Huawei
    v100r003c00v100r003c10v100r005c00v100r005c10v100r006c00v200r001c00
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-9068CRITICAL9.8ten sam produkt

Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SP...

CVE-2016-6206CRITICAL9.8ten sam produkt

Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of servi...

CVE-2016-6178CRITICAL9.8ten sam produkt

Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before...

CVE-2021-40008HIGH7.5ten sam produkt

There is a memory leak vulnerability in CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC80...

CVE-2021-39976HIGH7.8ten sam produkt

There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Due to lack of privilege ...