Sign-up

ID

VAR-201711-0228


CVE

CVE-2017-2712


TITLE

Huawei S3300 Vulnerable to channel and path errors

Trust: 0.8

sources: JVNDB: JVNDB-2017-010601

DESCRIPTION

S3300 V100R006C05 have an Ethernet in the First Mile (EFM) flapping vulnerability due to the lack of type-length-value (TLV) consistency check. An attacker may craft malformed packets and send them to a device to cause EFM flapping. Huawei S3300 Contains vulnerabilities related to channel and path errors.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiS3300 is a Huawei switch device. The EFM feature flapping vulnerability is generated on the Huawei S3300. The device is faulty. As a result, the EFM service flaps. Huawei S3300 is prone to a remote denial-of-service vulnerability. Successful exploits may allow the attacker to cause denial-of-service condition. Huawei S3300 is a 100M Ethernet switch product of China Huawei (Huawei). There is a security vulnerability in the Huawei S3300 V100R006C05 version using the VRP platform

Trust: 2.52

sources: NVD: CVE-2017-2712 // JVNDB: JVNDB-2017-010601 // CNVD: CNVD-2017-00659 // BID: 95662 // VULHUB: VHN-110915

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-00659

AFFECTED PRODUCTS

vendor:huaweimodel:s3300scope:eqversion:v100r006c05

Trust: 2.4

vendor:huaweimodel:s3300 v100r006c05scope: - version: -

Trust: 0.9

vendor:huaweimodel:s3300 v100r006sph029scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2017-00659 // BID: 95662 // JVNDB: JVNDB-2017-010601 // CNNVD: CNNVD-201701-769 // NVD: CVE-2017-2712

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2712
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-2712
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-00659
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201701-769
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110915
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2712
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-00659
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-110915
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2712
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-00659 // VULHUB: VHN-110915 // JVNDB: JVNDB-2017-010601 // CNNVD: CNNVD-201701-769 // NVD: CVE-2017-2712

PROBLEMTYPE DATA

problemtype:CWE-417

Trust: 1.9

sources: VULHUB: VHN-110915 // JVNDB: JVNDB-2017-010601 // NVD: CVE-2017-2712

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201701-769

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201701-769

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010601

PATCH
title:huawei-sa-20170118-01-vrpurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-vrp-en
Trust: 0.8
title:HuaweiS3300EFM Feature Suppression Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/88418
Trust: 0.6
title:Huawei S3300 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67328
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-00659 // 
            
            
            
            JVNDB: JVNDB-2017-010601 // 
            
            
            
            CNNVD: CNNVD-201701-769

EXTERNAL IDS
db:NVDid:CVE-2017-2712
Trust: 3.4
db:BIDid:95662
Trust: 2.0
db:JVNDBid:JVNDB-2017-010601
Trust: 0.8
db:CNNVDid:CNNVD-201701-769
Trust: 0.7
db:CNVDid:CNVD-2017-00659
Trust: 0.6
db:VULHUBid:VHN-110915
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-00659 // 
            
            
            
            VULHUB: VHN-110915 // 
            
            
            
            BID: 95662 // 
            
            
            
            JVNDB: JVNDB-2017-010601 // 
            
            
            
            CNNVD: CNNVD-201701-769 // 
            
            
            
            NVD: CVE-2017-2712

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-vrp-en
Trust: 2.0
url:http://www.securityfocus.com/bid/95662
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2712
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2712
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170118-01-vrp-cn
Trust: 0.6
url:http://www.huawei.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-00659 // 
            
            
            
            VULHUB: VHN-110915 // 
            
            
            
            BID: 95662 // 
            
            
            
            JVNDB: JVNDB-2017-010601 // 
            
            
            
            CNNVD: CNNVD-201701-769 // 
            
            
            
            NVD: CVE-2017-2712

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 95662

SOURCES
db:CNVDid:CNVD-2017-00659
db:VULHUBid:VHN-110915
db:BIDid:95662
db:JVNDBid:JVNDB-2017-010601
db:CNNVDid:CNNVD-201701-769
db:NVDid:CVE-2017-2712

LAST UPDATE DATE
2024-11-23T22:56:04.086000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-00659date:2017-01-20T00:00:00
db:VULHUBid:VHN-110915date:2017-12-08T00:00:00
db:BIDid:95662date:2017-01-23T00:12:00
db:JVNDBid:JVNDB-2017-010601date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201701-769date:2017-12-26T00:00:00
db:NVDid:CVE-2017-2712date:2024-11-21T03:24:02

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-00659date:2017-01-20T00:00:00
db:VULHUBid:VHN-110915date:2017-11-22T00:00:00
db:BIDid:95662date:2017-01-19T00:00:00
db:JVNDBid:JVNDB-2017-010601date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201701-769date:2017-01-20T00:00:00
db:NVDid:CVE-2017-2712date:2017-11-22T19:29:01.020