Strix
26.1K

CVE-2017-17174

UnknownEPSS 1.09%

Last modified

CVE-2017-17174 is a vulnerability of currently unknown severity. Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients and the affected products. EPSS estimates a 1.09% chance of exploitation in the next 30 days.

Description

Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients and the affected products. The attacker may launch the Bleichenbacher attack on RSA key exchange to decrypt the session key and the previously captured sessions by some cryptanalytic operations. Successful exploit may cause information leak.

Metrics

EPSS Probability
1.09%

61.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
HuaweiRse6500 Firmwarev500r002c00
HuaweiSoftco Firmwarev200r003c20spcb00
HuaweiVp9660 Firmwarev600r006c10
HuaweiEspace U1981 Firmwarev200r001c20
HuaweiEspace U1981 Firmwarev200r003c20
HuaweiEspace U1981 Firmwarev200r003c30
HuaweiEspace U1981 Firmwarev200r003c50

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2017-17174?
Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients and the affected products. The attacker may launch the Bleichenbacher attack on RSA key exchange to decrypt the session key and the previously captured sessions by some cryptanalytic operations. Successful exploit may cause information leak.
How severe is CVE-2017-17174?
Severity scoring for CVE-2017-17174 is pending analysis. The EPSS model estimates a 1.09% probability of exploitation in the next 30 days.
How do I fix CVE-2017-17174?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-17174?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST