Vulnerabilities > CVE-2017-17303 - Information Exposure vulnerability in Huawei products

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

huawei

CWE-200

NVD

Published: 2018-03-09

Updated: 2018-03-29

Summary

Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; RP200 V500R002C00SPC200; V600R006C00; V600R006C00SPC200; V600R006C00SPC300; TE30 V100R001C10SPC300; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700B010; V500R002C00SPC200; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; V600R006C00SPC300; TE40 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; V600R006C00SPC300; TE50 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; V600R006C00SPC300; TE60 V100R001C10; V100R001C10B001; V100R001C10B002; V100R001C10B010; V100R001C10B011; V100R001C10B012; V100R001C10B013; V100R001C10B014; V100R001C10B016; V100R001C10B017; V100R001C10B018; V100R001C10B019; V100R001C10SPC400; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700; V100R001C10SPC800B011; V100R001C10SPC900; V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; V500R002C00SPCb00; V500R002C00SPCd00; V500R002C00SPCe00; V600R006C00; V600R006C00SPC100; V600R006C00SPC200; V600R006C00SPC300 use the CIDAM protocol, which contains sensitive information in the message when it is implemented. So these products has an information disclosure vulnerability. An authenticated remote attacker could track and get the message of a target system. Successful exploit could allow the attacker to get the information and cause the sensitive information disclosure.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Dp300 Firmware V500R002C00 Huawei Dp300 Firmware V500R002C00B010 Huawei Dp300 Firmware V500R002C00B011 Huawei Dp300 Firmware V500R002C00B012 Huawei Dp300 Firmware V500R002C00B013 Huawei Dp300 Firmware V500R002C00B014 Huawei Dp300 Firmware V500R002C00B017 Huawei Dp300 Firmware V500R002C00B018 Huawei Dp300 Firmware V500R002C00Spc100 Huawei Dp300 Firmware V500R002C00Spc200 Huawei Dp300 Firmware V500R002C00Spc300 Huawei Dp300 Firmware V500R002C00Spc400 Huawei Dp300 Firmware V500R002C00Spc500 Huawei Dp300 Firmware V500R002C00Spc600 Huawei Dp300 Firmware V500R002C00Spc800 Huawei Dp300 Firmware V500R002C00Spc900 Huawei Dp300 Firmware V500R002C00Spca00 Huawei Rp200 Firmware V500R002C00Spc200 Huawei Rp200 Firmware V600R006C00 Huawei Rp200 Firmware V600R006C00Spc200 Huawei Rp200 Firmware V600R006C00Spc300 Huawei Te30 Firmware V100R001C10Spc300 Huawei Te30 Firmware V100R001C10Spc500 Huawei Te30 Firmware V100R001C10Spc600 Huawei Te30 Firmware V100R001C10Spc700B010 Huawei Te30 Firmware V500R002C00Spc200 Huawei Te30 Firmware V500R002C00Spc500 Huawei Te30 Firmware V500R002C00Spc600 Huawei Te30 Firmware V500R002C00Spc700 Huawei Te30 Firmware V500R002C00Spc900 Huawei Te30 Firmware V500R002C00Spcb00 Huawei Te30 Firmware V600R006C00 Huawei Te30 Firmware V600R006C00Spc200 Huawei Te30 Firmware V600R006C00Spc300 Huawei Te40 Firmware V500R002C00Spc600 Huawei Te40 Firmware V500R002C00Spc700 Huawei Te40 Firmware V500R002C00Spc900 Huawei Te40 Firmware V500R002C00Spcb00 Huawei Te40 Firmware V600R006C00 Huawei Te40 Firmware V600R006C00Spc200 Huawei Te40 Firmware V600R006C00Spc300 Huawei Te50 Firmware V500R002C00Spc600 Huawei Te50 Firmware V500R002C00Spc700 Huawei Te50 Firmware V500R002C00Spcb00 Huawei Te50 Firmware V600R006C00 Huawei Te50 Firmware V600R006C00Spc200 Huawei Te50 Firmware V600R006C00Spc300 Huawei Te60 Firmware V100R001C10 Huawei Te60 Firmware V100R001C10B001 Huawei Te60 Firmware V100R001C10B002 Huawei Te60 Firmware V100R001C10B010 Huawei Te60 Firmware V100R001C10B011 Huawei Te60 Firmware V100R001C10B012 Huawei Te60 Firmware V100R001C10B013 Huawei Te60 Firmware V100R001C10B014 Huawei Te60 Firmware V100R001C10B016 Huawei Te60 Firmware V100R001C10B017 Huawei Te60 Firmware V100R001C10B018 Huawei Te60 Firmware V100R001C10B019 Huawei Te60 Firmware V100R001C10Spc400 Huawei Te60 Firmware V100R001C10Spc500 Huawei Te60 Firmware V100R001C10Spc600 Huawei Te60 Firmware V100R001C10Spc700 Huawei Te60 Firmware V100R001C10Spc800B011 Huawei Te60 Firmware V100R001C10Spc900 Huawei Te60 Firmware V500R002C00 Huawei Te60 Firmware V500R002C00B010 Huawei Te60 Firmware V500R002C00B011 Huawei Te60 Firmware V500R002C00Spc100 Huawei Te60 Firmware V500R002C00Spc200 Huawei Te60 Firmware V500R002C00Spc300 Huawei Te60 Firmware V500R002C00Spc600 Huawei Te60 Firmware V500R002C00Spc700 Huawei Te60 Firmware V500R002C00Spc800 Huawei Te60 Firmware V500R002C00Spc900 Huawei Te60 Firmware V500R002C00Spca00 Huawei Te60 Firmware V500R002C00Spcb00 Huawei Te60 Firmware V500R002C00Spcd00 Huawei Te60 Firmware V500R002C00Spce00 Huawei Te60 Firmware V600R006C00 Huawei Te60 Firmware V600R006C00Spc100 Huawei Te60 Firmware V600R006C00Spc200 Huawei Te60 Firmware V600R006C00Spc300	83
Hardware	Huawei Huawei Dp300 - Huawei Rp200 - Huawei Te30 - Huawei Te40 - Huawei Te50 - Huawei Te60 -	6

Common Weakness Enumeration (CWE)

CWE-200 - Information Exposure

Common Attack Pattern Enumeration and Classification (CAPEC)

Subverting Environment Variable Values
The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
Footprinting
An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
Exploiting Trust in Client (aka Make the Client Invisible)
An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
Browser Fingerprinting
An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-cidam-en