cvelistv5 - cve-2017-17167

CVE-2017-17167 (GCVE-0-2017-17167)

Vulnerability from cvelistv5 – Published: 2018-03-09 17:00 – Updated: 2024-08-05 20:43

Summary

Severity ?

No CVSS data available.

CWE

use of a broken or risky cryptographic algorithm

Assigner

huawei

References

URL

Tags

	http://www.huawei.com/en/psirt/security-advisorie…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/103513	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	Huawei Technologies Co., Ltd.	DP300; TP3206; ViewPoint 9030	Affected: DP300 V500R002C00 Affected: TP3206 V100R002C00 Affected: ViewPoint 9030 V100R011C02 Affected: V100R011C03

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:43:59.984Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en"
          },
          {
            "name": "103513",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103513"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DP300; TP3206; ViewPoint 9030",
          "vendor": "Huawei Technologies Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "DP300 V500R002C00"
            },
            {
              "status": "affected",
              "version": "TP3206 V100R002C00"
            },
            {
              "status": "affected",
              "version": "ViewPoint 9030 V100R011C02"
            },
            {
              "status": "affected",
              "version": "V100R011C03"
            }
          ]
        }
      ],
      "datePublic": "2017-12-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "use of a broken or risky cryptographic algorithm",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-28T09:57:01",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en"
        },
        {
          "name": "103513",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103513"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2017-17167",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "DP300; TP3206; ViewPoint 9030",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "DP300 V500R002C00"
                          },
                          {
                            "version_value": "TP3206 V100R002C00"
                          },
                          {
                            "version_value": "ViewPoint 9030 V100R011C02"
                          },
                          {
                            "version_value": "V100R011C03"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Huawei Technologies Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "use of a broken or risky cryptographic algorithm"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en"
            },
            {
              "name": "103513",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103513"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2017-17167",
    "datePublished": "2018-03-09T17:00:00",
    "dateReserved": "2017-12-04T00:00:00",
    "dateUpdated": "2024-08-05T20:43:59.984Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8871106B-D3AF-4CFB-A544-1FA411642428\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F3483B2-9EB6-4E34-900A-945C04A3160D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:tp3206_firmware:v100r002c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D28E0627-0B19-4616-933E-76294F83813F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:tp3206:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45ED506D-5094-476B-83F0-CBBED04EF348\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c02:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C83F8B1-67D2-4D4C-8FB5-2C61EDD0FCF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c03:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0ADEC8B2-CD7F-4246-88C0-E27B939829AB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:viewpoint_9030:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6208C34-D92D-4605-B4AF-6EA597CBA0F2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information.\"}, {\"lang\": \"es\", \"value\": \"Huawei DP300 V500R002C00; TP3206 V100R002C00 y ViewPoint 9030 V100R011C02 y V100R011C03 tienen una vulnerabilidad de uso de algoritmo criptogr\\u00e1fico roto o con riesgo. El software emplea un algoritmo criptogr\\u00e1fico con riesgo en SSL. Esto es peligroso porque un atacante remoto no autenticado podr\\u00eda emplear t\\u00e9cnicas conocidas para romper el algoritmo. La explotaci\\u00f3n exitosa de esta vulnerabilidad podr\\u00eda resultar en la exposici\\u00f3n de informaci\\u00f3n sensible.\"}]",
      "id": "CVE-2017-17167",
      "lastModified": "2024-11-21T03:17:37.940",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-03-09T17:29:00.643",
      "references": "[{\"url\": \"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en\", \"source\": \"psirt@huawei.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/103513\", \"source\": \"psirt@huawei.com\"}, {\"url\": \"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/103513\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "psirt@huawei.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-327\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-17167\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2018-03-09T17:29:00.643\",\"lastModified\":\"2024-11-21T03:17:37.940\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information.\"},{\"lang\":\"es\",\"value\":\"Huawei DP300 V500R002C00; TP3206 V100R002C00 y ViewPoint 9030 V100R011C02 y V100R011C03 tienen una vulnerabilidad de uso de algoritmo criptogr\u00e1fico roto o con riesgo. El software emplea un algoritmo criptogr\u00e1fico con riesgo en SSL. Esto es peligroso porque un atacante remoto no autenticado podr\u00eda emplear t\u00e9cnicas conocidas para romper el algoritmo. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda resultar en la exposici\u00f3n de informaci\u00f3n sensible.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-327\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8871106B-D3AF-4CFB-A544-1FA411642428\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F3483B2-9EB6-4E34-900A-945C04A3160D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:tp3206_firmware:v100r002c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D28E0627-0B19-4616-933E-76294F83813F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:tp3206:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45ED506D-5094-476B-83F0-CBBED04EF348\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C83F8B1-67D2-4D4C-8FB5-2C61EDD0FCF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0ADEC8B2-CD7F-4246-88C0-E27B939829AB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:viewpoint_9030:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6208C34-D92D-4605-B4AF-6EA597CBA0F2\"}]}]}],\"references\":[{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/103513\",\"source\":\"psirt@huawei.com\"},{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/103513\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2017-17167

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-17167

Aliases

CVE-2017-17167

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-17167",
    "description": "Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information.",
    "id": "GSD-2017-17167"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-17167"
      ],
      "details": "Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information.",
      "id": "GSD-2017-17167",
      "modified": "2023-12-13T01:21:05.050576Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "ID": "CVE-2017-17167",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "DP300; TP3206; ViewPoint 9030",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "DP300 V500R002C00"
                        },
                        {
                          "version_value": "TP3206 V100R002C00"
                        },
                        {
                          "version_value": "ViewPoint 9030 V100R011C02"
                        },
                        {
                          "version_value": "V100R011C03"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Huawei Technologies Co., Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "use of a broken or risky cryptographic algorithm"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en",
            "refsource": "CONFIRM",
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en"
          },
          {
            "name": "103513",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/103513"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:tp3206_firmware:v100r002c00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:tp3206:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:viewpoint_9030:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2017-17167"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-327"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en"
            },
            {
              "name": "103513",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/103513"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2018-03-29T01:29Z",
      "publishedDate": "2018-03-09T17:29Z"
    }
  }
}

CNVD-2017-37843

Vulnerability from cnvd - Published: 2017-12-22

Title

Huawei DP300、TP3206和ViewPoint 9030弱加密算法漏洞

Description

Huawei DP300、TP3206和ViewPoint 9030都是中国华为（Huawei）公司的产品。DP300是一款视频会议终端。TP3206是一套全景视频会议解决方案。ViewPoint 9030是一款视频会议系统的多点控制单元。 Huawei DP300、TP3206和ViewPoint 9030中存在弱加密算法漏洞，该漏洞源于设备在SSL连接中支持使用弱加密算法套。远程攻击者可通过破解弱算法利用该漏洞获取敏感信息。

Severity

中

Patch Name

Huawei DP300、TP3206和ViewPoint 9030弱加密算法漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171215-01-ssl-cn

Reference

http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171215-01-ssl-cn

Impacted products

Name
['Huawei DP300 V500R002C00', 'Huawei ViewPoint 9030 V100R011C03', 'Huawei ViewPoint 9030 V100R011C02', 'Huawei TP3206 V100R002C00']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-17167"
    }
  },
  "description": "Huawei DP300\u3001TP3206\u548cViewPoint 9030\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002DP300\u662f\u4e00\u6b3e\u89c6\u9891\u4f1a\u8bae\u7ec8\u7aef\u3002TP3206\u662f\u4e00\u5957\u5168\u666f\u89c6\u9891\u4f1a\u8bae\u89e3\u51b3\u65b9\u6848\u3002ViewPoint 9030\u662f\u4e00\u6b3e\u89c6\u9891\u4f1a\u8bae\u7cfb\u7edf\u7684\u591a\u70b9\u63a7\u5236\u5355\u5143\u3002\r\n\r\nHuawei DP300\u3001TP3206\u548cViewPoint 9030\u4e2d\u5b58\u5728\u5f31\u52a0\u5bc6\u7b97\u6cd5\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8bbe\u5907\u5728SSL\u8fde\u63a5\u4e2d\u652f\u6301\u4f7f\u7528\u5f31\u52a0\u5bc6\u7b97\u6cd5\u5957\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7834\u89e3\u5f31\u7b97\u6cd5\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171215-01-ssl-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-37843",
  "openTime": "2017-12-22",
  "patchDescription": "Huawei DP300\u3001TP3206\u548cViewPoint 9030\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002DP300\u662f\u4e00\u6b3e\u89c6\u9891\u4f1a\u8bae\u7ec8\u7aef\u3002TP3206\u662f\u4e00\u5957\u5168\u666f\u89c6\u9891\u4f1a\u8bae\u89e3\u51b3\u65b9\u6848\u3002ViewPoint 9030\u662f\u4e00\u6b3e\u89c6\u9891\u4f1a\u8bae\u7cfb\u7edf\u7684\u591a\u70b9\u63a7\u5236\u5355\u5143\u3002\r\n\r\nHuawei DP300\u3001TP3206\u548cViewPoint 9030\u4e2d\u5b58\u5728\u5f31\u52a0\u5bc6\u7b97\u6cd5\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8bbe\u5907\u5728SSL\u8fde\u63a5\u4e2d\u652f\u6301\u4f7f\u7528\u5f31\u52a0\u5bc6\u7b97\u6cd5\u5957\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7834\u89e3\u5f31\u7b97\u6cd5\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei DP300\u3001TP3206\u548cViewPoint 9030\u5f31\u52a0\u5bc6\u7b97\u6cd5\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei DP300 V500R002C00",
      "Huawei ViewPoint 9030 V100R011C03",
      "Huawei ViewPoint 9030 V100R011C02",
      "Huawei TP3206 V100R002C00"
    ]
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171215-01-ssl-cn",
  "serverity": "\u4e2d",
  "submitTime": "2017-12-19",
  "title": "Huawei DP300\u3001TP3206\u548cViewPoint 9030\u5f31\u52a0\u5bc6\u7b97\u6cd5\u6f0f\u6d1e"
}

GHSA-3V32-75Q2-76MR

Vulnerability from github – Published: 2022-05-14 03:34 – Updated: 2022-05-14 03:34

Details

Severity ?

5.9 (Medium)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-17167"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-327"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-09T17:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information.",
  "id": "GHSA-3v32-75q2-76mr",
  "modified": "2022-05-14T03:34:33Z",
  "published": "2022-05-14T03:34:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17167"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103513"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2017-17167

Vulnerability from fkie_nvd - Published: 2018-03-09 17:29 - Updated: 2024-11-21 03:17

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
psirt@huawei.com	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en	Vendor Advisory
psirt@huawei.com	http://www.securityfocus.com/bid/103513
af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/103513

Impacted products

Vendor	Product	Version
huawei	dp300_firmware	v500r002c00
huawei	dp300	-
huawei	tp3206_firmware	v100r002c00
huawei	tp3206	-
huawei	viewpoint_9030_firmware	v100r011c02
huawei	viewpoint_9030_firmware	v100r011c03
huawei	viewpoint_9030	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "8871106B-D3AF-4CFB-A544-1FA411642428",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F3483B2-9EB6-4E34-900A-945C04A3160D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:tp3206_firmware:v100r002c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "D28E0627-0B19-4616-933E-76294F83813F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:tp3206:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "45ED506D-5094-476B-83F0-CBBED04EF348",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c02:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C83F8B1-67D2-4D4C-8FB5-2C61EDD0FCF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c03:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ADEC8B2-CD7F-4246-88C0-E27B939829AB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:viewpoint_9030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6208C34-D92D-4605-B4AF-6EA597CBA0F2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information."
    },
    {
      "lang": "es",
      "value": "Huawei DP300 V500R002C00; TP3206 V100R002C00 y ViewPoint 9030 V100R011C02 y V100R011C03 tienen una vulnerabilidad de uso de algoritmo criptogr\u00e1fico roto o con riesgo. El software emplea un algoritmo criptogr\u00e1fico con riesgo en SSL. Esto es peligroso porque un atacante remoto no autenticado podr\u00eda emplear t\u00e9cnicas conocidas para romper el algoritmo. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda resultar en la exposici\u00f3n de informaci\u00f3n sensible."
    }
  ],
  "id": "CVE-2017-17167",
  "lastModified": "2024-11-21T03:17:37.940",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-09T17:29:00.643",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en"
    },
    {
      "source": "psirt@huawei.com",
      "url": "http://www.securityfocus.com/bid/103513"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/103513"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-327"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201803-1043

Vulnerability from variot - Updated: 2023-12-18 13:43

Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information. Huawei DP300, TP3206, and ViewPoint 9030 are products of China Huawei. The DP300 is a video conferencing terminal. The TP3206 is a panoramic video conferencing solution. The ViewPoint 9030 is a multipoint control unit for video conferencing systems. The vulnerability stems from the fact that devices support the use of weak encryption algorithm sets in SSL connections. Multiple Huawei Products are prone to an information-disclosure vulnerability. There are security vulnerabilities in Huawei DP300, TP3206, and ViewPoint 9030

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1043",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dp300",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v500r002c00"
      },
      {
        "model": "tp3206",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v100r002c00"
      },
      {
        "model": "viewpoint 9030",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v100r011c02"
      },
      {
        "model": "viewpoint 9030",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v100r011c03"
      },
      {
        "model": "dp300 v500r002c00",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "viewpoint v100r011c03",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "huawei",
        "version": "9030"
      },
      {
        "model": "viewpoint v100r011c02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "huawei",
        "version": "9030"
      },
      {
        "model": "tp3206 v100r002c00",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "viewpoint v100r011c03spc800",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "9030"
      },
      {
        "model": "tp3206 v100r002c00spc800",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "dp300 v500r002c00spcb00",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37843"
      },
      {
        "db": "BID",
        "id": "103513"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012811"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17167"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-668"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:tp3206_firmware:v100r002c00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:tp3206:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:viewpoint_9030:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-17167"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei internal tester",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-668"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2017-17167",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-17167",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2017-37843",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-108162",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-17167",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-17167",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-37843",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201712-668",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-108162",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37843"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108162"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012811"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17167"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-668"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information. Huawei DP300, TP3206, and ViewPoint 9030 are products of China Huawei. The DP300 is a video conferencing terminal. The TP3206 is a panoramic video conferencing solution. The ViewPoint 9030 is a multipoint control unit for video conferencing systems. The vulnerability stems from the fact that devices support the use of weak encryption algorithm sets in SSL connections. Multiple Huawei Products are prone to an information-disclosure vulnerability. There are security vulnerabilities in Huawei DP300, TP3206, and ViewPoint 9030",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-17167"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012811"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-37843"
      },
      {
        "db": "BID",
        "id": "103513"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108162"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-17167",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "103513",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012811",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-668",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-37843",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-108162",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37843"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108162"
      },
      {
        "db": "BID",
        "id": "103513"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012811"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17167"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-668"
      }
    ]
  },
  "id": "VAR-201803-1043",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37843"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108162"
      }
    ],
    "trust": 1.674424575
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37843"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:43:48.527000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-20171215-01-ssl",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en"
      },
      {
        "title": "Patch for HuaweiDP300, TP3206, and ViewPoint9030 weak encryption algorithm vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/111429"
      },
      {
        "title": "Huawei DP300 , TP3206  and ViewPoint 9030 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77206"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37843"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012811"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-668"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-327",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108162"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012811"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17167"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/103513"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17167"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17167"
      },
      {
        "trust": 0.6,
        "url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171215-01-ssl-cn"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37843"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108162"
      },
      {
        "db": "BID",
        "id": "103513"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012811"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17167"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-668"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37843"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108162"
      },
      {
        "db": "BID",
        "id": "103513"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012811"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17167"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-668"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-37843"
      },
      {
        "date": "2018-03-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108162"
      },
      {
        "date": "2018-12-15T00:00:00",
        "db": "BID",
        "id": "103513"
      },
      {
        "date": "2018-04-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-012811"
      },
      {
        "date": "2018-03-09T17:29:00.643000",
        "db": "NVD",
        "id": "CVE-2017-17167"
      },
      {
        "date": "2017-12-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-668"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-37843"
      },
      {
        "date": "2018-03-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108162"
      },
      {
        "date": "2018-12-15T00:00:00",
        "db": "BID",
        "id": "103513"
      },
      {
        "date": "2018-04-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-012811"
      },
      {
        "date": "2018-03-29T01:29:00.447000",
        "db": "NVD",
        "id": "CVE-2017-17167"
      },
      {
        "date": "2017-12-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-668"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-668"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Huawei Vulnerability in using cryptographic algorithms in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012811"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-668"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-17167 (GCVE-0-2017-17167)

GSD-2017-17167

CNVD-2017-37843

GHSA-3V32-75Q2-76MR

FKIE_CVE-2017-17167

VAR-201803-1043

Tags

Sightings

Nomenclature