var-201803-1043
Vulnerability from variot
Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information. Huawei DP300, TP3206, and ViewPoint 9030 are products of China Huawei. The DP300 is a video conferencing terminal. The TP3206 is a panoramic video conferencing solution. The ViewPoint 9030 is a multipoint control unit for video conferencing systems. The vulnerability stems from the fact that devices support the use of weak encryption algorithm sets in SSL connections. Multiple Huawei Products are prone to an information-disclosure vulnerability. There are security vulnerabilities in Huawei DP300, TP3206, and ViewPoint 9030
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1043",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dp300",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v500r002c00"
},
{
"model": "tp3206",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v100r002c00"
},
{
"model": "viewpoint 9030",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v100r011c02"
},
{
"model": "viewpoint 9030",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v100r011c03"
},
{
"model": "dp300 v500r002c00",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "viewpoint v100r011c03",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "9030"
},
{
"model": "viewpoint v100r011c02",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "9030"
},
{
"model": "tp3206 v100r002c00",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "viewpoint v100r011c03spc800",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "9030"
},
{
"model": "tp3206 v100r002c00spc800",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "dp300 v500r002c00spcb00",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37843"
},
{
"db": "BID",
"id": "103513"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012811"
},
{
"db": "NVD",
"id": "CVE-2017-17167"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-668"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:tp3206_firmware:v100r002c00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:tp3206:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:viewpoint_9030:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17167"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei internal tester",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-668"
}
],
"trust": 0.6
},
"cve": "CVE-2017-17167",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-17167",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-37843",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-108162",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-17167",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-17167",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-37843",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-668",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-108162",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37843"
},
{
"db": "VULHUB",
"id": "VHN-108162"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012811"
},
{
"db": "NVD",
"id": "CVE-2017-17167"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-668"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information. Huawei DP300, TP3206, and ViewPoint 9030 are products of China Huawei. The DP300 is a video conferencing terminal. The TP3206 is a panoramic video conferencing solution. The ViewPoint 9030 is a multipoint control unit for video conferencing systems. The vulnerability stems from the fact that devices support the use of weak encryption algorithm sets in SSL connections. Multiple Huawei Products are prone to an information-disclosure vulnerability. There are security vulnerabilities in Huawei DP300, TP3206, and ViewPoint 9030",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17167"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012811"
},
{
"db": "CNVD",
"id": "CNVD-2017-37843"
},
{
"db": "BID",
"id": "103513"
},
{
"db": "VULHUB",
"id": "VHN-108162"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17167",
"trust": 3.4
},
{
"db": "BID",
"id": "103513",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012811",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-668",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-37843",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-108162",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37843"
},
{
"db": "VULHUB",
"id": "VHN-108162"
},
{
"db": "BID",
"id": "103513"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012811"
},
{
"db": "NVD",
"id": "CVE-2017-17167"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-668"
}
]
},
"id": "VAR-201803-1043",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37843"
},
{
"db": "VULHUB",
"id": "VHN-108162"
}
],
"trust": 1.674424575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37843"
}
]
},
"last_update_date": "2023-12-18T13:43:48.527000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20171215-01-ssl",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en"
},
{
"title": "Patch for HuaweiDP300, TP3206, and ViewPoint9030 weak encryption algorithm vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/111429"
},
{
"title": "Huawei DP300 , TP3206 and ViewPoint 9030 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77206"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37843"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012811"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-668"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-327",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108162"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012811"
},
{
"db": "NVD",
"id": "CVE-2017-17167"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/103513"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17167"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17167"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171215-01-ssl-cn"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37843"
},
{
"db": "VULHUB",
"id": "VHN-108162"
},
{
"db": "BID",
"id": "103513"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012811"
},
{
"db": "NVD",
"id": "CVE-2017-17167"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-668"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-37843"
},
{
"db": "VULHUB",
"id": "VHN-108162"
},
{
"db": "BID",
"id": "103513"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012811"
},
{
"db": "NVD",
"id": "CVE-2017-17167"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-668"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37843"
},
{
"date": "2018-03-09T00:00:00",
"db": "VULHUB",
"id": "VHN-108162"
},
{
"date": "2018-12-15T00:00:00",
"db": "BID",
"id": "103513"
},
{
"date": "2018-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012811"
},
{
"date": "2018-03-09T17:29:00.643000",
"db": "NVD",
"id": "CVE-2017-17167"
},
{
"date": "2017-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-668"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37843"
},
{
"date": "2018-03-29T00:00:00",
"db": "VULHUB",
"id": "VHN-108162"
},
{
"date": "2018-12-15T00:00:00",
"db": "BID",
"id": "103513"
},
{
"date": "2018-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012811"
},
{
"date": "2018-03-29T01:29:00.447000",
"db": "NVD",
"id": "CVE-2017-17167"
},
{
"date": "2017-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-668"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-668"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei Vulnerability in using cryptographic algorithms in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012811"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-668"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.