admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2017/CVE-2017-173xx/CVE-2017-17305.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

197 lines
6.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2017-17305",
"sourceIdentifier": "psirt@huawei.com",
"published": "2018-08-21T13:29:00.263",
"lastModified": "2018-10-12T16:48:52.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbacher RSA padding oracle. Cause a Bleichenbacher oracle attack. Successful exploit this vulnerability can impact IPSec tunnel security."
},
{
"lang": "es",
"value": "Algunos productos Firewall de Huawei, en sus modelos USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR y V300R001C00 tienen una vulnerabilidad de or\u00e1culo de Bleichenbacher en las implementaciones IPSEC IKEv1. Los atacantes remotos puedes descifrar los datos del texto cifrado mediante un t\u00fanel IPSEC utilizando un or\u00e1culo de Bleichenbacher en el relleno (padding) de RSA. Esto puede provocar un ataque de or\u00e1culo de Bleichenbacher. Su explotaci\u00f3n con \u00e9xito puede afectar a la seguridad del t\u00fanel IPSec."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-310"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:usg2205bsr_firmware:v300r001c10spc600:*:*:*:*:*:*:*",
"matchCriteriaId": "B6C9DEE4-F23B-4F54-9868-EDF5AC95D333"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:huawei:usg2205bsr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D90A5F-E41D-4CFD-86D2-FB208031CBAB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:usg2220bsr_firmware:v300r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "4B8F1406-67A4-4A46-8248-1712E85FE1D9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:huawei:usg2220bsr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4257B6-A1C0-4585-93EF-63081534C5E5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:usg5120bsr_firmware:v300r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "54B9E222-40C0-408C-A669-8CF99836FE62"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:huawei:usg5120bsr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C515743-EA4D-41A6-B295-90EBA5553AD6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:usg5150bsr_firmware:v300r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "56E5A858-16C9-4085-BE5A-78A680D2F4D5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:huawei:usg5150bsr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F058EF4-A6D4-4931-B571-332E0C1B052D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180813-01-Bleichenbacher-en",
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink