CVE-2017-17138
Description
PEM module of DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a DoS vulnerability in PEM module of Huawei products due to insufficient verification. An authenticated local attacker can make processing into deadloop by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A DoS vulnerability in Huawei products' PEM module allows an authenticated local attacker to cause a deadloop via a malicious certificate.
Vulnerability
CVE-2017-17138 is a denial-of-service (DoS) vulnerability in the PEM module of numerous Huawei products, including DP300, IPS Module, NGFW Module, NIP6300/6600, RP200, S12700/S1700/S2700/S5700/S6700/S7700/S9700 switches, Secospace USG6300/6500/6600, TE30/40/50/60, TP3106/3206, USG9500, and ViewPoint 9030, across various firmware versions such as V500R002C00 and V200RxxxC00 series. The issue arises due to insufficient verification of input, which causes the processing to enter an infinite deadloop when handling a specially crafted certificate [1].
Exploitation
An attacker must have authenticated local access to the affected device. The attacker can then call the PEM decoder with a malicious certificate crafted to trigger the deadloop. No other special privileges or network access are required beyond local authentication [1].
Impact
Successful exploitation leads to a denial of service: the PEM module becomes stuck in an infinite loop, rendering the affected service or device unresponsive. This is a loss of availability with no other compromise of confidentiality or integrity [1].
Mitigation
Huawei released a security advisory (huawei-sa-20171206-01-pem) on 2017-12-06, with updates available as of 2018-04-18. Customers should upgrade to the latest fixed firmware versions specified in the advisory. No workarounds are documented; the vendor recommends applying patches [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Range: V500R001C00; V500R001C30
- Range: V500R001C00; V500R002C00
- Huawei Technologies Co., Ltd./DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030v5Range: DP300 V500R002C00
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.