VAR-201802-0540
Vulnerability from variot - Updated: 2024-11-23 22:41Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability. The software decodes X.509 certificate in an improper way. A remote unauthenticated attacker could send a crafted X.509 certificate to the device. Successful exploit could result in a denial of service on the device. plural Huawei The product contains a certificate validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei AR3200 is a new generation network product launched by China's Huawei company. HuaweiTE40/50/60 is a high-definition video conferencing terminal that supports 1080p60. The Huawei AR3200 and others are all products of China's Huawei (Huawei). The Huawei AR3200 is an AR3200 series enterprise router. The vulnerability is caused by the fact that the program does not have the correct encrypted X.509 certificate. The following products and versions are affected: Huawei AR3200 V200R008C20, V200R008C30; TE40 V600R006C00; TE50 V600R006C00; TE60 V600R006C00
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-0540",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "te40",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v600r006c00"
},
{
"model": "ar3200",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v200r008c30"
},
{
"model": "te50",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v600r006c00"
},
{
"model": "ar3200",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v200r008c20"
},
{
"model": "te60",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v600r006c00"
},
{
"model": "ar3200",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "te40",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "te50",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "te60",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "ar3200 v200r008c20",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "te60 v600r006c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "te40 v600r006c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "te50 v600r006c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "ar3200 v200r008c30",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35588"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012318"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1150"
},
{
"db": "NVD",
"id": "CVE-2017-15341"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:ar3200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:te40_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:te50_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:te60_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012318"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei internal tester",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-1150"
}
],
"trust": 0.6
},
"cve": "CVE-2017-15341",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-15341",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-35588",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-106154",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-15341",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-15341",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-15341",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-35588",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-1150",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-106154",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35588"
},
{
"db": "VULHUB",
"id": "VHN-106154"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012318"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1150"
},
{
"db": "NVD",
"id": "CVE-2017-15341"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability. The software decodes X.509 certificate in an improper way. A remote unauthenticated attacker could send a crafted X.509 certificate to the device. Successful exploit could result in a denial of service on the device. plural Huawei The product contains a certificate validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei AR3200 is a new generation network product launched by China\u0027s Huawei company. HuaweiTE40/50/60 is a high-definition video conferencing terminal that supports 1080p60. The Huawei AR3200 and others are all products of China\u0027s Huawei (Huawei). The Huawei AR3200 is an AR3200 series enterprise router. The vulnerability is caused by the fact that the program does not have the correct encrypted X.509 certificate. The following products and versions are affected: Huawei AR3200 V200R008C20, V200R008C30; TE40 V600R006C00; TE50 V600R006C00; TE60 V600R006C00",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-15341"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012318"
},
{
"db": "CNVD",
"id": "CNVD-2017-35588"
},
{
"db": "VULHUB",
"id": "VHN-106154"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-15341",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012318",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1150",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-35588",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-106154",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35588"
},
{
"db": "VULHUB",
"id": "VHN-106154"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012318"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1150"
},
{
"db": "NVD",
"id": "CVE-2017-15341"
}
]
},
"id": "VAR-201802-0540",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35588"
},
{
"db": "VULHUB",
"id": "VHN-106154"
}
],
"trust": 1.6880617679999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35588"
}
]
},
"last_update_date": "2024-11-23T22:41:58.632000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20171129-01-cert",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-cert-en"
},
{
"title": "Patches for various Huawei Product Denial of Service Vulnerabilities (CNVD-2017-35588)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/107305"
},
{
"title": "Multiple Huawei Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76805"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35588"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012318"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1150"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-106154"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012318"
},
{
"db": "NVD",
"id": "CVE-2017-15341"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-cert-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15341"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15341"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171129-01-cert-cn"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35588"
},
{
"db": "VULHUB",
"id": "VHN-106154"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012318"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1150"
},
{
"db": "NVD",
"id": "CVE-2017-15341"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-35588"
},
{
"db": "VULHUB",
"id": "VHN-106154"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012318"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1150"
},
{
"db": "NVD",
"id": "CVE-2017-15341"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35588"
},
{
"date": "2018-02-15T00:00:00",
"db": "VULHUB",
"id": "VHN-106154"
},
{
"date": "2018-03-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012318"
},
{
"date": "2017-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-1150"
},
{
"date": "2018-02-15T16:29:00.830000",
"db": "NVD",
"id": "CVE-2017-15341"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35588"
},
{
"date": "2018-02-22T00:00:00",
"db": "VULHUB",
"id": "VHN-106154"
},
{
"date": "2018-03-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012318"
},
{
"date": "2017-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-1150"
},
{
"date": "2024-11-21T03:14:30.187000",
"db": "NVD",
"id": "CVE-2017-15341"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-1150"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei Certificate validation vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012318"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-1150"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.