PT-2018-6431 · Huawei · Huawei Softco+4

Published: 2018-07-03 · Updated: 2018-10-12 · CVE-2017-17174

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Huawei RSE6500 version V500R002C00
Huawei SoftCo version V200R003C20SPCb00
Huawei VP9660 version V600R006C10
Huawei eSpace U1981 versions V100R001C20, V200R003C20, V200R003C30, V200R003C50
Description: The affected products have a weak algorithm vulnerability. A remote, unauthenticated attacker can exploit it by capturing TLS traffic between clients and the affected products and then launching the Bleichenbacher attack on the RSA key exchange, using cryptanalytic operations to decrypt the session key and the previously captured sessions. This could result in an information leak.
Recommendations:
For Huawei RSE6500 version V500R002C00, consider disabling the RSA key exchange until a patch is available.
For Huawei SoftCo version V200R003C20SPCb00, restrict access to TLS traffic to minimize the risk of exploitation.
For Huawei VP9660 version V600R006C10, avoid using the affected RSA key exchange in the TLS protocol until the issue is resolved.
For Huawei eSpace U1981 versions V100R001C20, V200R003C20, V200R003C30, V200R003C50, temporarily disable the use of the vulnerable algorithm as a quick mitigation measure.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
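An added example, not part of the advisory or of any vendor guidance: one way to check an expanded cipher-suite list (for instance from a TLS scanner report or `openssl ciphers` output) for suites that still use RSA key exchange, the mode the recommendations above say to disable. The function names and the sample list are constructed for illustration, and the OpenSSL prefix list is a heuristic that assumes plain suite names rather than selector strings such as `HIGH:!aNULL`.

```python
import re

# Key-exchange fields in IANA names (TLS_<KX>_WITH_...) where the client
# encrypts the premaster secret to the server's RSA key (PKCS#1 v1.5).
IANA_RSA_KX = {"RSA", "RSA_EXPORT", "RSA_PSK"}

# OpenSSL-style prefixes that name a key exchange other than RSA key
# transport. Assumption: a heuristic for common names, not a full registry.
OPENSSL_OTHER_KX = ("ECDHE-", "DHE-", "EDH-", "ECDH-", "DH-", "ADH-",
                    "AECDH-", "PSK-", "SRP-", "KRB5-", "GOST")


def uses_rsa_key_transport(suite):
    """Return True if the named suite encrypts the premaster secret with RSA."""
    name = suite.strip().upper()
    if name.startswith(("TLS_", "SSL_")):
        m = re.match(r"(?:TLS|SSL)_(.+?)_WITH_", name)
        # No _WITH_ field means a TLS 1.3 suite; TLS 1.3 has no RSA key transport.
        return bool(m) and m.group(1) in IANA_RSA_KX
    name = re.sub(r"^EXP(1024)?-", "", name)  # drop export-grade prefix
    if name.startswith("RSA-PSK-"):
        return True
    # OpenSSL omits the key-exchange field when it is RSA (e.g. AES128-SHA).
    # In ECDHE-RSA-* and DHE-RSA-*, "RSA" is only the authentication method.
    return not name.startswith(OPENSSL_OTHER_KX)


def audit(cipher_list):
    """Return the suites in a ':', ',' or whitespace separated list to disable."""
    return [s for s in re.split(r"[:,\s]+", cipher_list.strip())
            if s and uses_rsa_key_transport(s)]


# Constructed sample mixing OpenSSL and IANA names; not taken from any device.
SAMPLE = ("ECDHE-RSA-AES256-GCM-SHA384:TLS_AES_128_GCM_SHA256:AES256-SHA:"
          "DHE-RSA-AES128-SHA:DES-CBC3-SHA:TLS_RSA_WITH_AES_128_CBC_SHA:"
          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256")

if __name__ == "__main__":
    for suite in audit(SAMPLE):
        print("RSA key exchange still offered:", suite)
```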

Weakness Enumeration

Related Identifiers

CVE-2017-17174

Affected Products

Huawei Rse6500
Huawei Softco
Huawei Vp9660
Huawei Vrp
Huawei Espace U1981