CVE-2017-15341 — HIGH (7.5)

Vulnerability Description

Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability. The software decodes X.509 certificate in an improper way. A remote unauthenticated attacker could send a crafted X.509 certificate to the device. Successful exploit could result in a denial of service on the device.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Ar3200 Firmware	v200r008c20
Huawei	Ar3200	-
Huawei	Te40 Firmware	v600r006c00
Huawei	Te40	-
Huawei	Te50 Firmware	v600r006c00
Huawei	Te50	-
Huawei	Te60 Firmware	v600r006c00
Huawei	Te60	-

Related Weaknesses (CWE)

CWE-295

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-cert-enVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-cert-enVendor Advisory

FAQ

What is CVE-2017-15341?

CVE-2017-15341 is a vulnerability with a CVSS score of 7.5 (HIGH). Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability. The software decodes X.509 certificate in an improper way. A remote...

How severe is CVE-2017-15341?

CVE-2017-15341 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-15341?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Ar3200 Firmware, Huawei Ar3200, Huawei Te40 Firmware, Huawei Te40, Huawei Te50 Firmware.