5.3
CVE-2017-8213
- EPSS 0.17%
- Veröffentlicht 22.11.2017 19:29:05
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle psirt@huawei.com
- Teams Watchlist Login
- Unerledigt Login
Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00 has an input validation vulnerability when handle TLS and DTLS handshake with certificate. Due to the insufficient validation of received PKI certificates, remote attackers could exploit this vulnerability to crash the TLS module.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Huawei ≫ Smc2.0 Firmware Versionv100r003c10
Huawei ≫ Smc2.0 Firmware Versionv100r005c00spc100
Huawei ≫ Smc2.0 Firmware Versionv100r005c00spc101b001t
Huawei ≫ Smc2.0 Firmware Versionv100r005c00spc102
Huawei ≫ Smc2.0 Firmware Versionv100r005c00spc103
Huawei ≫ Smc2.0 Firmware Versionv100r005c00spc200
Huawei ≫ Smc2.0 Firmware Versionv100r005c00spc201t
Huawei ≫ Smc2.0 Firmware Versionv500r002c00
Huawei ≫ Smc2.0 Firmware Versionv600r006c00
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.389 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.