CVE-2017-8174 — Inadequate Encryption Strength in Huawei Secospace Usg6300 Firmware

CWE-326 — Inadequate Encryption Strength3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 79.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Secospace Usg6300 Firmware Huawei Secospace Usg6600 Firmware

Timeline

PublishedNov 22

Latest updateMay 17

Description

Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on the transmission links.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDhuawei/secospace_usg6300_firmwarev100r001c30spc300

▶NVDhuawei/secospace_usg6600_firmware4 versions+3

🔴Vulnerability Details

GHSA

GHSA-hhpv-56p8-wvw8: Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algo↗2022-05-17

▶

CVEList

CVE-2017-8174: Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algo↗2017-11-22

▶