PT-2018-6477 · Huawei · Te50+5
Published: 2018-03-09 · Updated: 2018-03-29
CVE-2017-17303
CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Huawei DP300 versions V500R002C00 through V500R002C00SPCa00
Huawei RP200 version V500R002C00SPC200
Huawei TE30 versions V100R001C10 through V100R001C10SPC900
Huawei TE30 versions V500R002C00SPC200 through V500R002C00SPCb00
Huawei TE40 versions V500R002C00SPC600 through V500R002C00SPCb00
Huawei TE50 versions V500R002C00SPC600 through V500R002C00SPCb00
Huawei TE60 versions V100R001C10 through V100R001C10SPC900
Huawei TE60 versions V500R002C00 through V500R002C00SPCe00
Huawei TE60 versions V600R006C00 through V600R006C00SPC300
Description:
The affected Huawei products use the CIDAM protocol, whose implementation includes sensitive information in its messages. This leads to an information disclosure issue. An authenticated remote attacker could track and obtain the messages of a target system, allowing the attacker to obtain sensitive information.
Recommendations:
For Huawei DP300 versions V500R002C00 through V500R002C00SPCa00, restrict access to the CIDAM protocol to minimize the risk of exploitation.
For Huawei RP200 version V500R002C00SPC200, consider disabling the CIDAM protocol until a patch is available.
For Huawei TE30 versions V100R001C10 through V100R001C10SPC900, avoid using the CIDAM protocol in sensitive operations until the issue is resolved.
For Huawei TE30 versions V500R002C00SPC200 through V500R002C00SPCb00, restrict access to the CIDAM protocol to minimize the risk of exploitation.
For Huawei TE40 versions V500R002C00SPC600 through V500R002C00SPCb00, consider disabling the CIDAM protocol until a patch is available.
For Huawei TE50 versions V500R002C00SPC600 through V500R002C00SPCb00, avoid using the CIDAM protocol in sensitive operations until the issue is resolved.
For Huawei TE60 versions V100R001C10 through V100R001C10SPC900, restrict access to the CIDAM protocol to minimize the risk of exploitation.
For Huawei TE60 versions V500R002C00 through V500R002C00SPCe00, consider disabling the CIDAM protocol until a patch is available.
For Huawei TE60 versions V600R006C00 through V600R006C00SPC300, avoid using the CIDAM protocol in sensitive operations until the issue is resolved.
Fix
Information Disclosure
Affected Products:
DP300
RP200
TE30
TE40
TE50
TE60