CVE-2017-8213

CWE-295Improper Certificate Validation3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.2%
top 61.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei Technologies Co., Ltd. Smc2.0Huawei Smc2.0 Firmware
Timeline
PublishedNov 22
Latest updateMay 17

Description

Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00 has an input validation vulnerability when handle TLS and DTLS handshake with certificate. Due to the insufficient validation of received PKI certificates, remote attackers could exploit this vulnerability to crash the TLS module.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDhuawei/smc2.0_firmware9 versions+8
CVEListV5huawei_technologies_co.,_ltd./smc2.0V100R003C10,V100R005C00SPC100,V100R005C00SPC101B001T,V100R005C00SPC102,V100R005C00SPC103,V100R005C00SPC200,V100R005C00SPC201T,V500R002C00,V600R006C00,

🔴Vulnerability Details

2
GHSA
GHSA-484q-rm2r-3g72: Huawei SMC22022-05-17
CVEList
CVE-2017-8213: Huawei SMC22017-11-22
CVE-2017-8213 (MEDIUM CVSS 5.3) | Huawei SMC2.0 with software of V100 | cvebase.io