CVE-2017-17174
CVE-2017-17174 is a medium-severity vulnerability in Huawei Rse6500 Firmware with a CVSS 3.x base score of 5.9. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-310.
Key facts
- Severity: Medium (CVSS 3.x base score 5.9)
- CVSS v2: 4.3
- EPSS exploit prediction: 1% (61st percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-310
- Affected product: Huawei Rse6500 Firmware
- Published:
- Last modified:
Description
Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients and the affected products. The attacker may launch the Bleichenbacher attack on RSA key exchange to decrypt the session key and the previously captured sessions by some cryptanalytic operations. Successful exploit may cause information leak.
Frequently asked questions
- What is CVE-2017-17174?
- Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients and the affected products. The attacker may launch the Bleichenbacher attack on RSA key exchange to decrypt the session key and the previously captured sessions by some cryptanalytic operations. Successful exploit may cause information leak.
- How severe is CVE-2017-17174?
- CVE-2017-17174 has a CVSS 3.x base score of 5.9, rated medium severity. It is exploitable over network with high attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity none, and availability none.
- Is CVE-2017-17174 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (61st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2017-17174?
- CVE-2017-17174 primarily affects Huawei Rse6500 Firmware. In total, 7 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2017-17174?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2017-17174 published?
- CVE-2017-17174 was published on 2018-07-31 and last updated on 2026-06-17.
References
Affected products (7)
- cpe:2.3:o:huawei:rse6500_firmware:v500r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:softco_firmware:v200r003c20spcb00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:vp9660_firmware:v600r006c10:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:espace_u1981_firmware:v200r001c20:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c20:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c30:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c50:*:*:*:*:*:*:*
More vulnerabilities in Huawei Rse6500 Firmware
- CVE-2016-5234 — High (CVSS 8.1): Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint control unit devices with software before…
- CVE-2019-19417 — High (CVSS 7.5): The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit…
- CVE-2019-19416 — High (CVSS 7.5): The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit…
- CVE-2019-19415 — High (CVSS 7.5): The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit…
- CVE-2020-1841 — High (CVSS 7.5): Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6500 versions V100R001C00, V500R002C00, and…
- CVE-2017-17258 — High (CVSS 7.5): Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00,…
All CVEs affecting Huawei Rse6500 Firmware →
Other CWE-310 (Cryptographic Issues) vulnerabilities
- CVE-2014-7878 — Critical (CVSS 10.0): The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived…
- CVE-2013-3712 — Critical (CVSS 10.0): SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has…
- CVE-2013-6952 — Critical (CVSS 10.0): The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote…
- CVE-2013-6838 — Critical (CVSS 10.0): An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro (VIP2000)…
- CVE-2013-0137 — Critical (CVSS 10.0): The default configuration of the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189…
- CVE-2011-5123 — Critical (CVSS 10.0): The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not check whether X.509 certificates in…