CVE-2017-17301

9.8 CRITICAL

📋 TL;DR

This vulnerability allows an unauthenticated remote attacker to forge RSA certificates and bypass identity authentication on affected Huawei networking devices. Attackers can log into devices with specific user permissions, potentially gaining unauthorized access. Affected systems include multiple Huawei AR series routers, CloudEngine switches, and other networking products.

💻 Affected Systems

Products:
  • Huawei AR120-S
  • AR1200
  • AR1200-S
  • AR150
  • AR160
  • AR200
  • AR200-S
  • AR2200
  • AR2200-S
  • AR3200
  • AR3600
  • AR510
  • CloudEngine 12800
  • CloudEngine 5800
  • CloudEngine 6800
  • CloudEngine 7800
  • DP300
  • SMC2.0
  • SRG1300
  • SRG2300
  • SRG3300
  • TE30
  • TE60
  • VP9660
  • ViewPoint 8660
  • eSpace IAD
  • eSpace U1981
  • eSpace USM
Versions: Multiple versions across V100R001C01 to V500R002C00 depending on product
Operating Systems: Huawei proprietary OS
Default Config Vulnerable: ⚠️ Yes
Notes: All listed versions are vulnerable when using certificate-based authentication. The vulnerability affects the certificate validation mechanism.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise, allowing an attacker to reconfigure the network, intercept traffic, install persistent backdoors, or use the device as a pivot point to attack internal networks.

🟠 Likely Case

Unauthorized administrative access to networking devices, leading to network disruption, data interception, or credential theft.

🟢 If Mitigated

Limited impact if devices are behind firewalls, have restricted network access, or use additional authentication layers.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting specific RSA certificates to bypass authentication. No public exploit code is known, but the vulnerability description provides enough detail for skilled attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security advisory for specific fixed versions per product

Vendor Advisory: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171222-01-cryptography-en

Restart Required: Yes

Instructions:

1. Check Huawei security advisory for your specific product and version.
2. Download and apply the recommended firmware update.
3. Reboot the device after patching.
4. Verify the patch is applied successfully.

🔧 Temporary Workarounds

Disable certificate-based authentication

all

Temporarily disable vulnerable certificate authentication methods and use alternative authentication mechanisms

# Consult Huawei documentation for specific commands to disable certificate auth

Network segmentation and access control

all

Restrict network access to affected devices using firewalls and ACLs

# Configure firewall rules to limit access to management interfaces

🧯 If You Can't Patch

  • Isolate affected devices in separate network segments with strict firewall rules
  • Implement multi-factor authentication and disable single certificate-based authentication

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against affected versions list in Huawei advisory

Check Version:

# display version (Huawei CLI command varies by product)

Verify Fix Applied:

Verify firmware version has been updated to a version not listed in the advisory

📡 Detection & Monitoring

Log Indicators:

  • Unexpected authentication attempts
  • Successful logins from unknown sources
  • Certificate validation failures

Network Indicators:

  • Unusual management interface traffic
  • Certificate-based authentication attempts from unexpected sources

SIEM Query:

Example: (auth_success AND source_ip NOT IN allowed_management_ips) OR cert_auth_failure
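
The SIEM query above, written out as a triage filter over normalized events. This is an added example, not vendor or advisory code; the event field names, the allowlist ranges and the sample events are constructed assumptions, not a Huawei log format.

```python
import ipaddress

# Assumed management allowlist (constructed; substitute your own ranges).
ALLOWED_MGMT_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.10/32")]

# Constructed, already-normalized events. Field names are hypothetical and
# are not a Huawei log format.
SAMPLE_EVENTS = [
    {"ts": "2018-01-05T09:00:01Z", "device": "ar-edge-1",
     "event": "auth_success", "src": "10.20.0.5"},
    {"ts": "2018-01-05T09:03:12Z", "device": "ar-edge-1",
     "event": "auth_success", "src": "203.0.113.77"},
    {"ts": "2018-01-05T09:04:40Z", "device": "ce-core-2",
     "event": "cert_auth_failure", "src": "10.20.0.9"},
    {"ts": "2018-01-05T09:05:02Z", "device": "ce-core-2",
     "event": "auth_success", "src": "not-an-ip"},
    {"ts": "2018-01-05T09:06:30Z", "device": "ar-edge-1",
     "event": "auth_failure", "src": "198.51.100.4"},
]

def is_allowed_source(src):
    """True only if src parses as an IP inside the management allowlist."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # missing or malformed source is treated as unknown
    return any(addr in net for net in ALLOWED_MGMT_NETS)

def evaluate(event):
    """Return the reason an event matches the query, or None."""
    kind = event.get("event")
    if kind == "cert_auth_failure":
        return "certificate validation failure"
    if kind == "auth_success" and not is_allowed_source(event.get("src")):
        return "login success from outside management allowlist"
    return None

def triage(events):
    """Collect (ts, device, src, reason) for every matching event."""
    hits = []
    for e in events:
        reason = evaluate(e)
        if reason:
            hits.append((e.get("ts"), e.get("device"), e.get("src"), reason))
    return hits

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(*hit, sep="  ")
```

A successful login whose source address is missing or unparseable is flagged rather than skipped, so a log-normalization gap cannot hide a match.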
