Sign-up

ID

VAR-201711-0216


CVE

CVE-2017-2700


TITLE

Huawei AC6005 and AC6605 Software management resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010599

DESCRIPTION

AC6005 with software V200R006C10, AC6605 with software V200R006C10 have a DoS Vulnerability. An attacker can send malformed packets to the device, which causes the device memory leaks, leading to DoS attacks. Huawei AC6005 and AC6605 Software contains resource management vulnerabilities.Service operation interruption (DoS) There is a possibility of being put into a state. The AC6005 and AC6605 are both a box-type wireless access controller from China's Huawei. The AC6005 is a small box-type wireless access controller for small and medium-sized enterprises. The AC6605 is a box-type wireless access controller for medium and large enterprises. A denial of service vulnerability exists in the V200R006C10 version of HuaweiAC6005/AC6605. Multiple Huawei products are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. The vulnerability is caused by the program not performing input validation sufficiently

Trust: 2.52

sources: NVD: CVE-2017-2700 // JVNDB: JVNDB-2017-010599 // CNVD: CNVD-2017-06862 // BID: 102166 // VULHUB: VHN-110903

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-06862

AFFECTED PRODUCTS

vendor:huaweimodel:ac6005scope:eqversion:v200r006c10

Trust: 2.4

vendor:huaweimodel:ac6605scope:eqversion:v200r006c10

Trust: 2.4

vendor:huaweimodel:ac6605 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ac6005 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ac6605 v200r006c10scope: - version: -

Trust: 0.3

vendor:huaweimodel:ac6005 v200r006c10scope: - version: -

Trust: 0.3

vendor:huaweimodel:ac6605 v200r007c10spc300scope:neversion: -

Trust: 0.3

vendor:huaweimodel:ac6005 v200r007c10spc300scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2017-06862 // BID: 102166 // JVNDB: JVNDB-2017-010599 // CNNVD: CNNVD-201705-1283 // NVD: CVE-2017-2700

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2700
value: HIGH

Trust: 1.0

NVD: CVE-2017-2700
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-06862
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201705-1283
value: HIGH

Trust: 0.6

VULHUB: VHN-110903
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2700
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-06862
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-110903
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2700
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-06862 // VULHUB: VHN-110903 // JVNDB: JVNDB-2017-010599 // CNNVD: CNNVD-201705-1283 // NVD: CVE-2017-2700

PROBLEMTYPE DATA

problemtype:CWE-772

Trust: 1.1

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-110903 // JVNDB: JVNDB-2017-010599 // NVD: CVE-2017-2700

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-1283

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201705-1283

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010599

PATCH
title:huawei-sa-20170517-01-acurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170517-01-ac-en
Trust: 0.8
title:HuaweiAC6005/AC6605 denial of service vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/93875
Trust: 0.6
title:Huawei AC6005 Huawei AC6605 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70598
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-06862 // 
            
            
            
            JVNDB: JVNDB-2017-010599 // 
            
            
            
            CNNVD: CNNVD-201705-1283

EXTERNAL IDS
db:NVDid:CVE-2017-2700
Trust: 3.4
db:BIDid:102166
Trust: 2.0
db:JVNDBid:JVNDB-2017-010599
Trust: 0.8
db:CNNVDid:CNNVD-201705-1283
Trust: 0.7
db:CNVDid:CNVD-2017-06862
Trust: 0.6
db:VULHUBid:VHN-110903
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-06862 // 
            
            
            
            VULHUB: VHN-110903 // 
            
            
            
            BID: 102166 // 
            
            
            
            JVNDB: JVNDB-2017-010599 // 
            
            
            
            CNNVD: CNNVD-201705-1283 // 
            
            
            
            NVD: CVE-2017-2700

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170517-01-ac-en
Trust: 2.0
url:http://www.securityfocus.com/bid/102166
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2700
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2700
Trust: 0.8
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170517-01-ac-cn
Trust: 0.6
url:http://www.huawei.com/en/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-06862 // 
            
            
            
            VULHUB: VHN-110903 // 
            
            
            
            BID: 102166 // 
            
            
            
            JVNDB: JVNDB-2017-010599 // 
            
            
            
            CNNVD: CNNVD-201705-1283 // 
            
            
            
            NVD: CVE-2017-2700

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 102166

SOURCES
db:CNVDid:CNVD-2017-06862
db:VULHUBid:VHN-110903
db:BIDid:102166
db:JVNDBid:JVNDB-2017-010599
db:CNNVDid:CNNVD-201705-1283
db:NVDid:CVE-2017-2700

LAST UPDATE DATE
2024-11-23T22:42:02.454000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-06862date:2017-05-18T00:00:00
db:VULHUBid:VHN-110903date:2019-10-03T00:00:00
db:BIDid:102166date:2017-12-19T22:38:00
db:JVNDBid:JVNDB-2017-010599date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201705-1283date:2019-10-23T00:00:00
db:NVDid:CVE-2017-2700date:2024-11-21T03:24:00.597

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-06862date:2017-05-18T00:00:00
db:VULHUBid:VHN-110903date:2017-11-22T00:00:00
db:BIDid:102166date:2017-05-17T00:00:00
db:JVNDBid:JVNDB-2017-010599date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201705-1283date:2017-05-26T00:00:00
db:NVDid:CVE-2017-2700date:2017-11-22T19:29:00.600