HomePentest-Tools.com Logo

Huawei Data Communication: DoS Vulnerability in TLS of Some Huawei Products (huawei-sa-20170705-01-tls) CVE-2017-8213

Severity
CVSSv3 Score
5.3
Vulnerability description

There is a denial of service (DoS) vulnerability in some huawei products when handle TLS and DTLS handshake with certificate. This VT has been deprecated and is therefore no longer functional.

Risk description

There is a denial of service (DoS) vulnerability in some huawei products when handle TLS and DTLS handshake with certificate. Due to the insufficient validation of PKI certificates, remote attackers could exploit this vulnerability to crash the TLS module. (Vulnerability ID: HWPSIRT-2017-03121)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-8213.Huawei has released software updates to fix this vulnerability. This advisory is available in the linked references. Successful exploitation of the vulnerability allows attackers to crash TLS module.

Recommendation

See the referenced vendor advisory for a solution.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Nov 22, 2017
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available