Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Huawei Data Communication: Multiple Vulnerabilities in IPsec IKE of Huawei Firewall Products (huawei-sa-20180411-01-Bleichenbacher)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Huawei Firewall products are prone to multiple vulnerabilities.
Insight
Insight
These vulnerabilities exist: - A Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbacher RSA padding oracle. This enables them to cause a Bleichenbacher oracle attack (CVE-2017-17305) - Two denial-of-service vulnerabilities in the IPSEC IKEv1 implementations due to improper handling of the malformed messages. An attacker may sent crafted packets to the affected device to exploit these vulnerabilities (CVE-2017-17311, CVE-2017-17312).
Affected Software
Affected Software
Huawei USG2205BSR, USG2220BSR, USG5120BSR and USG5150BSR.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
See the referenced vendor advisory for a solution.