CVE-2017-17167 - OpenCVE

Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Dp300 Dp300 Firmware Tp3206 Tp3206 Firmware Viewpoint 9030 Viewpoint 9030 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:tp3206_firmware:v100r002c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:tp3206:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c02:::::::*
	cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c03:::::::*

cpe:2.3:h:huawei:viewpoint_9030:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en
http://www.securityfocus.com/bid/103513

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2018-03-09T17:00:00

Updated: 2024-08-05T20:43:59.984Z

Reserved: 2017-12-04T00:00:00

Link: CVE-2017-17167

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-03-09T17:29:00.643

Modified: 2018-03-29T01:29:00.447

Link: CVE-2017-17167

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "DP300; TP3206; ViewPoint 9030", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "DP300 V500R002C00"}, {"status": "affected", "version": "TP3206 V100R002C00"}, {"status": "affected", "version": "ViewPoint 9030 V100R011C02"}, {"status": "affected", "version": "V100R011C03"}]}], "datePublic": "2017-12-15T00:00:00", "descriptions": [{"lang": "en", "value": "Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information."}], "problemTypes": [{"descriptions": [{"description": "use of a broken or risky cryptographic algorithm", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-28T09:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en"}, {"name": "103513", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103513"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2017-17167", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "DP300; TP3206; ViewPoint 9030", "version": {"version_data": [{"version_value": "DP300 V500R002C00"}, {"version_value": "TP3206 V100R002C00"}, {"version_value": "ViewPoint 9030 V100R011C02"}, {"version_value": "V100R011C03"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "use of a broken or risky cryptographic algorithm"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en"}, {"name": "103513", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103513"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:43:59.984Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en"}, {"name": "103513", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103513"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-17167", "datePublished": "2018-03-09T17:00:00", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2024-08-05T20:43:59.984Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*", "matchCriteriaId": "8871106B-D3AF-4CFB-A544-1FA411642428", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*", "matchCriteriaId": "7F3483B2-9EB6-4E34-900A-945C04A3160D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:tp3206_firmware:v100r002c00:*:*:*:*:*:*:*", "matchCriteriaId": "D28E0627-0B19-4616-933E-76294F83813F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:tp3206:-:*:*:*:*:*:*:*", "matchCriteriaId": "45ED506D-5094-476B-83F0-CBBED04EF348", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c02:*:*:*:*:*:*:*", "matchCriteriaId": "3C83F8B1-67D2-4D4C-8FB5-2C61EDD0FCF3", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c03:*:*:*:*:*:*:*", "matchCriteriaId": "0ADEC8B2-CD7F-4246-88C0-E27B939829AB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:viewpoint_9030:-:*:*:*:*:*:*:*", "matchCriteriaId": "F6208C34-D92D-4605-B4AF-6EA597CBA0F2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information."}, {"lang": "es", "value": "Huawei DP300 V500R002C00; TP3206 V100R002C00 y ViewPoint 9030 V100R011C02 y V100R011C03 tienen una vulnerabilidad de uso de algoritmo criptogr\u00e1fico roto o con riesgo. El software emplea un algoritmo criptogr\u00e1fico con riesgo en SSL. Esto es peligroso porque un atacante remoto no autenticado podr\u00eda emplear t\u00e9cnicas conocidas para romper el algoritmo. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda resultar en la exposici\u00f3n de informaci\u00f3n sensible."}], "id": "CVE-2017-17167", "lastModified": "2018-03-29T01:29:00.447", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-09T17:29:00.643", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en"}, {"source": "psirt@huawei.com", "url": "http://www.securityfocus.com/bid/103513"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}]}