Mageni Mageni Security LLC

Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Huawei Data Communication: Multiple Vulnerabilities in IPsec IKE of Huawei Firewall Products (huawei-sa-20180411-01-Bleichenbacher)

Information

Severity

Severity

High

Family

Family

Huawei

CVSSv2 Base

CVSSv2 Base

7.8

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

3 years ago

Modified

Modified

3 years ago

Share

Summary

Huawei Firewall products are prone to multiple vulnerabilities.

Insight

Insight

These vulnerabilities exist: - A Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbacher RSA padding oracle. This enables them to cause a Bleichenbacher oracle attack (CVE-2017-17305) - Two denial-of-service vulnerabilities in the IPSEC IKEv1 implementations due to improper handling of the malformed messages. An attacker may sent crafted packets to the affected device to exploit these vulnerabilities (CVE-2017-17311, CVE-2017-17312).

Affected Software

Affected Software

Huawei USG2205BSR, USG2220BSR, USG5120BSR and USG5150BSR.

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

See the referenced vendor advisory for a solution.

Common Vulnerabilities and Exposures (CVE)

References