CVE-2017-8213

Name of the Vulnerable Software and Affected Versions Huawei SMC2.0 versions V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00

Description The issue is related to an input validation vulnerability when handling TLS and DTLS handshakes with certificates. Due to insufficient validation of received PKI certificates, remote attackers could exploit this to crash the TLS module.

Recommendations For Huawei SMC2.0 version V100R003C10, update to a fixed version to resolve the issue. For Huawei SMC2.0 version V100R005C00SPC100, update to a fixed version to resolve the issue. For Huawei SMC2.0 version V100R005C00SPC101B001T, update to a fixed version to resolve the issue. For Huawei SMC2.0 version V100R005C00SPC102, update to a fixed version to resolve the issue. For Huawei SMC2.0 version V100R005C00SPC103, update to a fixed version to resolve the issue. For Huawei SMC2.0 version V100R005C00SPC200, update to a fixed version to resolve the issue. For Huawei SMC2.0 version V100R005C00SPC201T, update to a fixed version to resolve the issue. For Huawei SMC2.0 version V500R002C00, update to a fixed version to resolve the issue. For Huawei SMC2.0 version V600R006C00, update to a fixed version to resolve the issue. As a temporary workaround, consider restricting the handling of TLS and DTLS handshakes with certificates until a patch is available.