PT-2017-14728 · Huawei · TE50 +24

Published 2017-12-06 · Updated 2018-03-27 · CVE-2017-17138

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

DP300 V500R002C00
IPS Module versions V500R001C00 through V500R001C30
NGFW Module versions V500R001C00 through V500R002C00
NIP6300 versions V500R001C00 through V500R001C30
NIP6600 versions V500R001C00 through V500R001C30
RP200 versions V500R002C00 through V600R006C00
S12700 versions V200R007C00 through V200R010C00
S1700 versions V200R006C10 through V200R010C00
S2700 versions V200R006C10 through V200R010C00
S5700 versions V200R006C00 through V200R010C00
S6700 versions V200R008C00 through V200R010C00
S7700 versions V200R007C00 through V200R010C00
S9700 versions V200R007C00 through V200R010C00
Secospace USG6300 versions V500R001C00 through V500R001C30
Secospace USG6500 versions V500R001C00 through V500R001C30
Secospace USG6600 versions V500R001C00 through V500R001C30
TE30 versions V100R001C02 through V100R001C10 and V500R002C00 through V600R006C00
TE40 versions V500R002C00 through V600R006C00
TE50 versions V500R002C00 through V600R006C00
TE60 versions V100R001C01 through V100R001C10 and V500R002C00 through V600R006C00
TP3106 version V100R002C00
TP3206 versions V100R002C00 through V100R002C10
USG9500 versions V500R001C00 through V500R001C30
ViewPoint 9030 versions V100R011C02 through V100R011C03

Description

The PEM module of Huawei products has a DoS vulnerability due to insufficient verification. An authenticated local attacker can use a malicious certificate to send processing into a dead loop, causing a denial of service.

Recommendations

For every product and version range listed under the affected versions above, update to a version that fixes the vulnerability.

As a temporary workaround, consider disabling the malicious certificate processing until a patch is available.

Fix

DoS

RCE


Weakness Enumeration

Related Identifiers

CVE-2017-17138

Affected Products

DP300
Huawei VRP
IPS Module
NGFW Module
NIP6300
NIP6600
RP200
S12700
S1700
S2700
S5700
S6700
S7700
S9700
Secospace USG6300
Secospace USG6500
Secospace USG6600
TE30
TE40
TE50
TE60
TP3106
TP3206
USG9500
ViewPoint 9030