VAR-201803-1043
Vulnerability from variot - Updated: 2023-12-18 13:43Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information. Huawei DP300, TP3206, and ViewPoint 9030 are products of China Huawei. The DP300 is a video conferencing terminal. The TP3206 is a panoramic video conferencing solution. The ViewPoint 9030 is a multipoint control unit for video conferencing systems. The vulnerability stems from the fact that devices support the use of weak encryption algorithm sets in SSL connections. Multiple Huawei Products are prone to an information-disclosure vulnerability. There are security vulnerabilities in Huawei DP300, TP3206, and ViewPoint 9030
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1043",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dp300",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v500r002c00"
},
{
"model": "tp3206",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v100r002c00"
},
{
"model": "viewpoint 9030",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v100r011c02"
},
{
"model": "viewpoint 9030",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v100r011c03"
},
{
"model": "dp300 v500r002c00",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "viewpoint v100r011c03",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "9030"
},
{
"model": "viewpoint v100r011c02",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "9030"
},
{
"model": "tp3206 v100r002c00",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "viewpoint v100r011c03spc800",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "9030"
},
{
"model": "tp3206 v100r002c00spc800",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "dp300 v500r002c00spcb00",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37843"
},
{
"db": "BID",
"id": "103513"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012811"
},
{
"db": "NVD",
"id": "CVE-2017-17167"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-668"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:tp3206_firmware:v100r002c00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:tp3206:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:viewpoint_9030:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17167"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei internal tester",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-668"
}
],
"trust": 0.6
},
"cve": "CVE-2017-17167",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-17167",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-37843",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-108162",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-17167",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-17167",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-37843",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-668",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-108162",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37843"
},
{
"db": "VULHUB",
"id": "VHN-108162"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012811"
},
{
"db": "NVD",
"id": "CVE-2017-17167"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-668"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information. Huawei DP300, TP3206, and ViewPoint 9030 are products of China Huawei. The DP300 is a video conferencing terminal. The TP3206 is a panoramic video conferencing solution. The ViewPoint 9030 is a multipoint control unit for video conferencing systems. The vulnerability stems from the fact that devices support the use of weak encryption algorithm sets in SSL connections. Multiple Huawei Products are prone to an information-disclosure vulnerability. There are security vulnerabilities in Huawei DP300, TP3206, and ViewPoint 9030",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17167"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012811"
},
{
"db": "CNVD",
"id": "CNVD-2017-37843"
},
{
"db": "BID",
"id": "103513"
},
{
"db": "VULHUB",
"id": "VHN-108162"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17167",
"trust": 3.4
},
{
"db": "BID",
"id": "103513",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012811",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-668",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-37843",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-108162",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37843"
},
{
"db": "VULHUB",
"id": "VHN-108162"
},
{
"db": "BID",
"id": "103513"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012811"
},
{
"db": "NVD",
"id": "CVE-2017-17167"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-668"
}
]
},
"id": "VAR-201803-1043",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37843"
},
{
"db": "VULHUB",
"id": "VHN-108162"
}
],
"trust": 1.674424575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37843"
}
]
},
"last_update_date": "2023-12-18T13:43:48.527000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20171215-01-ssl",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en"
},
{
"title": "Patch for HuaweiDP300, TP3206, and ViewPoint9030 weak encryption algorithm vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/111429"
},
{
"title": "Huawei DP300 , TP3206 and ViewPoint 9030 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77206"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37843"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012811"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-668"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-327",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108162"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012811"
},
{
"db": "NVD",
"id": "CVE-2017-17167"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/103513"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17167"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17167"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171215-01-ssl-cn"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37843"
},
{
"db": "VULHUB",
"id": "VHN-108162"
},
{
"db": "BID",
"id": "103513"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012811"
},
{
"db": "NVD",
"id": "CVE-2017-17167"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-668"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-37843"
},
{
"db": "VULHUB",
"id": "VHN-108162"
},
{
"db": "BID",
"id": "103513"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012811"
},
{
"db": "NVD",
"id": "CVE-2017-17167"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-668"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37843"
},
{
"date": "2018-03-09T00:00:00",
"db": "VULHUB",
"id": "VHN-108162"
},
{
"date": "2018-12-15T00:00:00",
"db": "BID",
"id": "103513"
},
{
"date": "2018-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012811"
},
{
"date": "2018-03-09T17:29:00.643000",
"db": "NVD",
"id": "CVE-2017-17167"
},
{
"date": "2017-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-668"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37843"
},
{
"date": "2018-03-29T00:00:00",
"db": "VULHUB",
"id": "VHN-108162"
},
{
"date": "2018-12-15T00:00:00",
"db": "BID",
"id": "103513"
},
{
"date": "2018-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012811"
},
{
"date": "2018-03-29T01:29:00.447000",
"db": "NVD",
"id": "CVE-2017-17167"
},
{
"date": "2017-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-668"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-668"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei Vulnerability in using cryptographic algorithms in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012811"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-668"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…