PT-2018-6479 · Huawei · Usg5150Bsr+4
Dennis Felsch
+2
·
Publicado
2018-08-13
·
Atualizado
2018-10-12
·
CVE-2017-17305
CVSS v3.1
5.9
Média
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Huawei Firewall products USG2205BSR version V300R001C10SPC600
Huawei Firewall products USG2220BSR version V300R001C00
Huawei Firewall products USG5120BSR version V300R001C00
Huawei Firewall products USG5150BSR version V300R001C00
Description:
The issue is related to a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbacher RSA padding oracle, causing a Bleichenbacher oracle attack. Successful exploitation of this issue can impact IPSec tunnel security.
Recommendations:
For USG2205BSR version V300R001C10SPC600, consider disabling the IPSEC IKEv1 implementation until a patch is available.
For USG2220BSR version V300R001C00, consider disabling the IPSEC IKEv1 implementation until a patch is available.
For USG5120BSR version V300R001C00, consider disabling the IPSEC IKEv1 implementation until a patch is available.
For USG5150BSR version V300R001C00, consider disabling the IPSEC IKEv1 implementation until a patch is available.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Huawei Vrp
Usg2205Bsr
Usg2220Bsr
Usg5120Bsr
Usg5150Bsr