Skip to main content

Huawei has rolled out security fixes to address a cryptography issue tracked as CVE-2017-17174 | -CyberLuC

Huawei has rolled out security fixes for some enterprise and broadcast products to address a cryptography issue tracked as CVE-2017-17174.


Huawei has released security updates for some enterprise and broadcast products to address a cryptography issue that was discovered in late 2017.
The vulnerability, tracked as CVE-2017-17174, is related to the implementation of an insecure encryption algorithm and could be exploited to power MiTM attack to decrypt a session key and recover the content of the entire session.
“There is a weak algorithm vulnerability in some Huawei products. A remote, unauthenticated attacker may capture traffic between clients and the affected products.” reads the security advisory published by Huawei.

“Due to the use of insecure encryption algorithm, the attacker may decrypt the session key by some cryptanalytic operations and the traffic between the server and the client. Successful exploit may cause information leak.”
The following Huawei products using RSA encryption in TLS are potentially vulnerable:
  • The RSE6500 Recording and Streaming Engine version V500R002C00. A high-performance, full-HD recording and streaming engine that supports live video multicast and mobile Video on Demand (VoD).
  • The SoftCo unified communications software version V200R003C20SPCb00;
  • The VP9660 video conferencing multipoint control units version V600R006C10;
  • Multiple versions of its eSpace U1981 IP telephony and enterprise communications universal SIP gateway.

Huawei rated the vulnerability as a 5.3 (medium) because it is not easy to exploit, the company has released software updates to address the flaw for all of its solution except for the unified communications software SoftCo that has been deprecated.
Every flaw discovered in products of Chinese and Russia firm trigger the alarm of governments that are already banning their solution from critical infrastructure and government offices.
In May, the Pentagon ordered retail outlets on US military bases to stop selling Huawei and ZTE products due to unacceptable security risk they pose Read More--

Comments

Popular posts from this blog

Top 5 Website Vulnerability Scanning Tools [New Listing 2018] -CyberLuC

Top 5 Website Vulnerability Scanning Tools [New Listing 2018] -CyberLuC This is why security testing of web applications is very important because In the past, many popular websites have been hacked. Hackers are now active and always try to hack websites and leak data.   And here comes the role of web application security scanners. Web Application Security Scanner is a software program which performs automatic black box testing on a web application and identifies security vulnerabilities. Scanners do not access the source code, they only perform functional testing and try to find security vulnerabilities. The moment our world went online and enterprises started conducting their businesses using websites, they became the primary targets for hackers. The situation worsened with the  emergence of Content Management System(s) (CMS)  – like WordPress, Joomla, Drupal etc., – which while offering an easy way to build (as well as customize) websites, left...

Top 5 Most Popular and Best Cyber Forensics Tools | -CyberLuC

Top 5 Most Popular and Best Cyber Forensics Tools The art of Cyber forensic investigation is quite complex and requires rigorous precision in following every investigative step from Acquisition to Analysis & Reporting. Experts now face the need for dependable tools that help them to do so, from the beginning. Every investigation requires usage of multiple tools, dependence on a sole tool causes the investigation to lose its flexibility and makes it prone towards ambiguity.   Cyber forensic: As the title says, it is collecting evidence for investigation after an unwanted activity has occurred. Cyber/Computer Forensics is a department that comes under Digital Forensic Science for improving cyber security Here are top 5 cyber forensic tools preferred by specialists and investigators around the world. So what are the tools used by these professionals? Here’s a list of top 5 tools  used with a brief description and key features. #1)Pro Disc...

2018’s Most Dangerous Cyber Threats| -CyberLuC

2018’s Most Dangero us Cyber Threats The year 2017 witnessed some of the biggest cyber attacks of all times. This includes WannaCry Cyber Attack propelled by North Korea targeting more than 250,000 computers worldwide, NotPetya cyber attack on companies operating in Ukraine & Russia and the much-publicized Equifax data breach which even led to the resignation of the CEO after data of more than 143 million US Citizens was found to be compromised. And according to Gartner, Information security spending is said to reach $86.4 billion by the end of 2017 and will probably cross the $110 billion mark by the end of next year. 2018 is a new year, and with it come newer, more advanced cyber threats. A growing set of efforts against individuals, businesses, and international security, cyber-attacks threaten systems and devices that people use every day, from smartphones to the websites you check before bed every night, to your work computer. Cyber threats have a variety of aim...