PT-2017-14762 · Huawei · CloudEngine 6800 +28

Published 2017-12-22 · Updated 2019-10-03 · CVE-2017-17301

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Huawei AR120-S versions V200R005C32 through V200R008C20
Huawei AR1200 versions V200R005C20 through V200R008C20
Huawei AR1200-S versions V200R005C32 through V200R008C20
Huawei AR150 versions V200R006C10 through V200R008C20
Huawei AR160 versions V200R005C32 through V200R008C20
Huawei AR200 versions V200R005C32 through V200R008C20
Huawei AR200-S versions V200R005C32 through V200R008C20
Huawei AR2200 versions V200R005C20 through V200R008C20
Huawei AR2200-S versions V200R005C32 through V200R008C20
Huawei AR3200 versions V200R005C32 through V200R008C30
Huawei AR3600 versions V200R006C10 through V200R008C20
Huawei AR510 versions V200R005C32 through V200R008C20
Huawei CloudEngine 12800 versions V100R003C00 through V200R001C00
Huawei CloudEngine 5800 versions V100R003C00 through V200R001C00
Huawei CloudEngine 6800 versions V100R003C00 through V200R001C00
Huawei CloudEngine 7800 versions V100R003C00 through V200R001C00
Huawei DP300 version V500R002C00
Huawei SMC2.0 versions V100R003C10 through V500R002C00
Huawei SRG1300 versions V200R005C32 through V200R008C20
Huawei SRG2300 versions V200R005C32 through V200R008C20
Huawei SRG3300 versions V200R005C32 through V200R008C20
Huawei TE30 version V100R001C10
Huawei TE60 version V100R003C00
Huawei VP9660 versions V200R001C02 through V500R002C00
Huawei ViewPoint 8660 versions V100R008C02 through V100R008C03
Huawei eSpace IAD version V300R002C01
Huawei eSpace U1981 versions V200R003C20 through V200R003C30
Huawei eSpace USM versions V100R001C01 through V300R001C00

Description

The issue is related to weak cryptography. Due to improper handling of certain values in certificates, an unauthenticated remote attacker could forge a specific RSA certificate and exploit the vulnerability to pass identity authentication and log into the target device, obtaining permissions configured for the specific user name.

Recommendations

For each affected version, update the software to a version that properly handles certificate values to prevent exploitation. As a temporary workaround, consider restricting access to the target device to minimize the risk of exploitation. Avoid using the vulnerable certificate authentication mechanism until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

CVE-2017-17301

Affected Products

AR120-S
AR1200
AR1200-S
AR150
AR160
AR200
AR200-S
AR2200
AR2200-S
AR3200
AR3600
AR510
CloudEngine 12800
CloudEngine 5800
CloudEngine 6800
CloudEngine 7800
DP300
Huawei VRP
SMC2.0
SRG1300
SRG2300
SRG3300
TE30
TE60
VP9660
ViewPoint 8660
eSpace IAD
eSpace U1981
eSpace USM