var-201711-0937
Vulnerability from variot
Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on the transmission links. Both Huawei USG6300 and USG6600 are firewall devices of China Huawei (Huawei). There are security vulnerabilities in Huawei USG6300 and USG6600. The following products and versions are affected: Huawei USG6300 V100R001C30SPC300; Secospace USG6600 V100R001C30SPC500, V100R001C30SPC600, V100R001C30SPC700, and V100R001C30SPC800
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0937", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "secospace usg6300", scope: "eq", trust: 2.4, vendor: "huawei", version: "v100r001c30spc300", }, { model: "secospace usg6600", scope: "eq", trust: 2.4, vendor: "huawei", version: "v100r001c30spc500", }, { model: "secospace usg6600", scope: "eq", trust: 2.4, vendor: "huawei", version: "v100r001c30spc600", }, { model: "secospace usg6600", scope: "eq", trust: 2.4, vendor: "huawei", version: "v100r001c30spc700", }, { model: "secospace usg6600", scope: "eq", trust: 2.4, vendor: "huawei", version: "v100r001c30spc800", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-010803", }, { db: "NVD", id: "CVE-2017-8174", }, { db: "CNNVD", id: "CNNVD-201708-149", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c30spc300:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c30spc800:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c30spc600:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c30spc700:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c30spc500:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2017-8174", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Huawei", sources: [ { db: "CNNVD", id: "CNNVD-201708-149", }, ], trust: 0.6, }, cve: "CVE-2017-8174", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2017-8174", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "VHN-116377", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2017-8174", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2017-8174", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201708-149", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-116377", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-116377", }, { db: "JVNDB", id: "JVNDB-2017-010803", }, { db: "NVD", id: "CVE-2017-8174", }, { db: "CNNVD", id: "CNNVD-201708-149", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on the transmission links. Both Huawei USG6300 and USG6600 are firewall devices of China Huawei (Huawei). There are security vulnerabilities in Huawei USG6300 and USG6600. The following products and versions are affected: Huawei USG6300 V100R001C30SPC300; Secospace USG6600 V100R001C30SPC500, V100R001C30SPC600, V100R001C30SPC700, and V100R001C30SPC800", sources: [ { db: "NVD", id: "CVE-2017-8174", }, { db: "JVNDB", id: "JVNDB-2017-010803", }, { db: "VULHUB", id: "VHN-116377", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-8174", trust: 2.5, }, { db: "JVNDB", id: "JVNDB-2017-010803", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201708-149", trust: 0.7, }, { db: "VULHUB", id: "VHN-116377", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-116377", }, { db: "JVNDB", id: "JVNDB-2017-010803", }, { db: "NVD", id: "CVE-2017-8174", }, { db: "CNNVD", id: "CNNVD-201708-149", }, ], }, id: "VAR-201711-0937", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-116377", }, ], trust: 0.49535110000000004, }, last_update_date: "2023-12-18T13:43:56.524000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "huawei-sa-20170802-01-usg", trust: 0.8, url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-01-usg-en", }, { title: "Huawei USG6300 and USG6600 Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74821", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-010803", }, { db: "CNNVD", id: "CNNVD-201708-149", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-326", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-116377", }, { db: "JVNDB", id: "JVNDB-2017-010803", }, { db: "NVD", id: "CVE-2017-8174", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-01-usg-en", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8174", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2017-8174", }, ], sources: [ { db: "VULHUB", id: "VHN-116377", }, { db: "JVNDB", id: "JVNDB-2017-010803", }, { db: "NVD", id: "CVE-2017-8174", }, { db: "CNNVD", id: "CNNVD-201708-149", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-116377", }, { db: "JVNDB", id: "JVNDB-2017-010803", }, { db: "NVD", id: "CVE-2017-8174", }, { db: "CNNVD", id: "CNNVD-201708-149", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-11-22T00:00:00", db: "VULHUB", id: "VHN-116377", }, { date: "2017-12-25T00:00:00", db: "JVNDB", id: "JVNDB-2017-010803", }, { date: "2017-11-22T19:29:04.130000", db: "NVD", id: "CVE-2017-8174", }, { date: "2017-08-02T00:00:00", db: "CNNVD", id: "CNNVD-201708-149", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-12-12T00:00:00", db: "VULHUB", id: "VHN-116377", }, { date: "2017-12-25T00:00:00", db: "JVNDB", id: "JVNDB-2017-010803", }, { date: "2017-12-12T18:08:03.233000", db: "NVD", id: "CVE-2017-8174", }, { date: "2017-09-21T00:00:00", db: "CNNVD", id: "CNNVD-201708-149", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201708-149", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Huawei USG6300 and USG6600 Vulnerabilities related to cryptographic strength in Japanese software", sources: [ { db: "JVNDB", id: "JVNDB-2017-010803", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "lack of information", sources: [ { db: "CNNVD", id: "CNNVD-201708-149", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.