This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy (update in May 2018) >

Security Advisory - Multiple Vulnerabilities in IPsec IKE of Huawei Firewall Products

  • SA No:huawei-sa-20180813-01-Bleichenbacher
  • Initial Release Date: Aug 13, 2018
  • Last Release Date: Aug 13, 2018

There is a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbacher RSA padding oracle. Cause a Bleichenbacher oracle attack. Successful exploit this vulnerability can impact IPSec tunnel security. (Vulnerability ID: HWPSIRT-2017-10055)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-17305.

There are two DoS vulnerabilities in the IPSEC IKEv1 implementations of Huawei Firewall products.  Due to improper handling of the malformed messages, an attacker may sent crafted packets to the affected device to exploit these vulnerabilities. Successful exploit these two vulnerabilities could lead to device deny of service. (Vulnerability ID: HWPSIRT-2017-10147 and HWPSIRT-2017-10148)

The two vulnerabilities have been assigned two Common Vulnerabilities and Exposures (CVE) IDs: CVE-2017-17311 and CVE-2017-17312.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180813-01-Bleichenbacher-en


Product Name

Affected Version

Resolved Product and Version

USG2205BSR

V300R001C10SPC600

V300R001C10SPH702

USG2220BSR

V300R001C00

Upgrade to V300R001C10SPH702

USG5120BSR

V300R001C00

Upgrade to V300R001C10SPH702

USG5150BSR

V300R001C00

Upgrade to V300R001C10SPH702


HWPSIRT-2017-10055:

Successful exploit this vulnerability can impact IPSec tunnel security.

HWPSIRT-2017-10147 and HWPSIRT-2017-10148:

Successful exploit these two vulnerabilities could lead to device deny of service.


The vulnerability classification has been performed by using the CVSSv3 scoring system (http://www.first.org/cvss/specification-document).

HWPSIRT-2017-10055:

Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Temporal Score: 5.5 (E:F/RL:O/RC:C)

HWPSIRT-2017-10147 and HWPSIRT-2017-10148:

Base Score: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Temporal Score: 4.9 (E:F/RL:O/RC:C)


HWPSIRT-2017-10055:

This vulnerability can be exploited only when the following conditions are present:

The attacker could gain access to the network.

Vulnerability details:

There is a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbacher RSA padding oracle. Cause a Bleichenbacher oracle attack. Successful exploit this vulnerability can impact IPSec tunnel security.

HWPSIRT-2017-10147 and HWPSIRT-2017-10148:

This vulnerability can be exploited only when the following conditions are present:

The attacker could gain access to the network.

Vulnerability details:

There are two DoS vulnerabilities in the IPSEC IKEv1 implementations of Huawei Firewall products.  Due to improper handling of the malformed messages, an attacker may sent crafted packets to the affected device to exploit these vulnerabilities. Successful exploit these two vulnerabilities could lead to device deny of service.


Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/psirt/report-vulnerabilities.

These vulnerabilities were reported to Huawei PSIRT by Dennis Felsch, Martin Grothe, and Joerg Schwenk of Ruhr University Bochum as well as Adam Czubak and Marcin Szymanek from Opole University. Huawei would like to thank them for working with us and coordinated vulnerability disclosure to protect our customers.


2018-08-13 V1.0 INITIAL

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.

To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.

To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.

This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.