CVE-2017-17174
Description
Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients and the affected products. The attacker may launch the Bleichenbacher attack on RSA key exchange to decrypt the session key and the previously captured sessions by some cryptanalytic operations. Successful exploit may cause information leak.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Weak RSA key exchange in Huawei products allows remote attackers to decrypt TLS traffic via Bleichenbacher attack.
Vulnerability
The Huawei products RSE6500 V500R002C00, SoftCo V200R003C20SPCb00, VP9660 V600R006C10, and eSpace U1981 V100R001C20, V200R003C20, V200R003C30, V200R003C50 employ a weak algorithm vulnerability related to RSA key exchange in TLS. This makes them susceptible to the Bleichenbacher attack (also known as the Million Message Attack) on RSA key exchange when a remote unauthenticated attacker can capture TLS traffic between clients and the affected products [1].
Exploitation
An attacker must be in a position to capture TLS traffic between clients and an affected product. No authentication is required. The attacker then performs cryptanalytic operations based on the Bleichenbacher attack to decrypt the session key from RSA key exchange and subsequently recover previously captured sessions [1].
Impact
Successful exploitation leads to information disclosure (confidentiality impact). The attacker can decrypt TLS sessions, gaining access to the plaintext content of captured communications [1].
Mitigation
Huawei has released software updates to fix this vulnerability. Affected products should be upgraded to the resolved product and version as specified in the security advisory [1]. No workaround is mentioned; applying the update is the recommended mitigation.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Huawei Technologies Co., Ltd./RSE6500; SoftCo; VP9660; eSpace U1981v5Range: RSE6500 V500R002C00
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20180703-01-algorithm-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.