CVE-2017-15341

CWE-295Improper Certificate Validation3 documents3 sources
Severity
7.5HIGH
EPSS
0.1%
top 65.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Huawei Ar3200 FirmwareHuawei Te40 FirmwareHuawei Te50 Firmware+1 more
Timeline
PublishedFeb 15
Latest updateMay 14

Description

Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability. The software decodes X.509 certificate in an improper way. A remote unauthenticated attacker could send a crafted X.509 certificate to the device. Successful exploit could result in a denial of service on the device.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

NVDhuawei/te40_firmwarev600r006c00
NVDhuawei/te50_firmwarev600r006c00
NVDhuawei/te60_firmwarev600r006c00
NVDhuawei/ar3200_firmwarev200r008c20, v200r008c30+1

🔴Vulnerability Details

2
GHSA
GHSA-h698-9r6p-x6xw: Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability2022-05-14
CVEList
CVE-2017-15341: Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability2018-02-15
CVE-2017-15341 (HIGH CVSS 7.5) | Huawei AR3200 V200R008C20 | cvebase.io