Sign-up

ID

VAR-201711-0238


CVE

CVE-2017-2722


TITLE

plural Huawei Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-010747

DESCRIPTION

DP300 V500R002C00,TE60 with software V100R001C01, V100R001C10, V100R003C00, V500R002C00 and V600R006C00,TP3106 with software V100R001C06 and V100R002C00,ViewPoint 9030 with software V100R011C02, V100R011C03,eCNS210_TD with software V100R004C10,eSpace 7950 with software V200R003C00 and V200R003C30,eSpace IAD with software V300R001C07SPCa00 and V300R002C01SPCb00,eSpace U1981 with software V100R001C20, V100R001C30, V200R003C00, V200R003C20 and V200R003C30 have an input validation vulnerability.A remote attacker may exploit this vulnerability by crafting a malformed packet and sending it to the device. A successful exploit could allow the attacker to cause a denial of service or execute arbitrary code. plural Huawei The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei DP300 and other products are products of China Huawei (Huawei). The DP300 is a video conferencing terminal. The eSpace7950 is a smart IP video phone product from China's Huawei company. An input validation vulnerability exists in several Huawei products due to lack of input validation for the program. The following products and versions are affected: Huawei DP300 V500R002C00 Version; TE60 V100R001C01 Version, V100R001C10 Version, V100R003C00 Version, V500R002C00 Version, V600R006C00 Version; TP3106 V100R001C06 Version, V100R002C00 Version; ViewPoint 9030 V100R011C02 Version, V100R011C03 Version; eCNS210_TD V100R004C10 Version; eSpace 7950 V200R003C00 Version, V200R003C30; eSpace IAD V300R001C07SPCa00, V300R002C01SPCb00; eSpace U1981 V100R001C20, V100R001C30, V200R003C00, V200R003C20, V200R003C

Trust: 2.25

sources: NVD: CVE-2017-2722 // JVNDB: JVNDB-2017-010747 // CNVD: CNVD-2017-06945 // VULHUB: VHN-110925

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-06945

AFFECTED PRODUCTS

vendor:huaweimodel:ecns210 tdscope:eqversion:v100r004c10

Trust: 1.6

vendor:huaweimodel:espace 7950scope:eqversion:v200r003c00

Trust: 1.6

vendor:huaweimodel:espace 7950scope:eqversion:v200r003c30

Trust: 1.6

vendor:huaweimodel:espace u1981scope:eqversion:v200r003c00

Trust: 1.6

vendor:huaweimodel:espace u1981scope:eqversion:v100r001c20

Trust: 1.6

vendor:huaweimodel:espace u1981scope:eqversion:v200r003c20

Trust: 1.6

vendor:huaweimodel:espace u1981scope:eqversion:v200r003c30

Trust: 1.6

vendor:huaweimodel:espace iadscope:eqversion:v300r001c07spca00

Trust: 1.6

vendor:huaweimodel:espace u1981scope:eqversion:v100r001c30

Trust: 1.6

vendor:huaweimodel:espace iadscope:eqversion:v300r002c01spcb00

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:te60scope:eqversion:v100r003c00

Trust: 1.0

vendor:huaweimodel:viewpoint 9030scope:eqversion:v100r011c02

Trust: 1.0

vendor:huaweimodel:tp3106scope:eqversion:v100r001c06

Trust: 1.0

vendor:huaweimodel:te60scope:eqversion:v600r006c00

Trust: 1.0

vendor:huaweimodel:te60scope:eqversion:v100r001c01

Trust: 1.0

vendor:huaweimodel:tp3106scope:eqversion:v100r002c00

Trust: 1.0

vendor:huaweimodel:viewpoint 9030scope:eqversion:v100r011c03

Trust: 1.0

vendor:huaweimodel:dp300scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:te60scope:eqversion:v100r001c10

Trust: 1.0

vendor:huaweimodel:dp300scope: - version: -

Trust: 0.8

vendor:huaweimodel:ecns210 tdscope: - version: -

Trust: 0.8

vendor:huaweimodel:espace 7950scope: - version: -

Trust: 0.8

vendor:huaweimodel:espace iadscope: - version: -

Trust: 0.8

vendor:huaweimodel:espace u1981scope: - version: -

Trust: 0.8

vendor:huaweimodel:te60scope: - version: -

Trust: 0.8

vendor:huaweimodel:tp3106scope: - version: -

Trust: 0.8

vendor:huaweimodel:viewpoint 9030scope: - version: -

Trust: 0.8

vendor:huaweimodel:espace u1981 v200r003c30scope: - version: -

Trust: 0.6

vendor:huaweimodel:espace u1981 v200r003c20scope: - version: -

Trust: 0.6

vendor:huaweimodel:dp300 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r001c01scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:tp3106 v100r001c06scope: - version: -

Trust: 0.6

vendor:huaweimodel:tp3106 v100r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:espace iad v300r001c07spca00scope: - version: -

Trust: 0.6

vendor:huaweimodel:espace iad v300r002c01spcb00scope: - version: -

Trust: 0.6

vendor:huaweimodel:espace u1981 v200r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:espace u1981 v100r001c30scope: - version: -

Trust: 0.6

vendor:huaweimodel:espace u1981 v100r001c20scope: - version: -

Trust: 0.6

vendor:huaweimodel:viewpoint v100r011c03scope:eqversion:9030

Trust: 0.6

vendor:huaweimodel:viewpoint v100r011c02scope:eqversion:9030

Trust: 0.6

vendor:huaweimodel:ecns210 td v100r004c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:espace v200r003c00scope:eqversion:7950

Trust: 0.6

vendor:huaweimodel:espace v200r003c30scope:eqversion:7950

Trust: 0.6

sources: CNVD: CNVD-2017-06945 // JVNDB: JVNDB-2017-010747 // CNNVD: CNNVD-201705-647 // NVD: CVE-2017-2722

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2722
value: HIGH

Trust: 1.0

NVD: CVE-2017-2722
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-06945
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201705-647
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110925
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2722
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-06945
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-110925
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2722
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-06945 // VULHUB: VHN-110925 // JVNDB: JVNDB-2017-010747 // CNNVD: CNNVD-201705-647 // NVD: CVE-2017-2722

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-110925 // JVNDB: JVNDB-2017-010747 // NVD: CVE-2017-2722

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-647

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201705-647

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010747

PATCH
title:huawei-sa-20170419-01-pseurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-pse-en
Trust: 0.8
title:Patches for various Huawei product input verification vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/93935
Trust: 0.6
title:Various Huawei product input verification vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70117
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-06945 // 
            
            
            
            JVNDB: JVNDB-2017-010747 // 
            
            
            
            CNNVD: CNNVD-201705-647

EXTERNAL IDS
db:NVDid:CVE-2017-2722
Trust: 3.1
db:JVNDBid:JVNDB-2017-010747
Trust: 0.8
db:CNNVDid:CNNVD-201705-647
Trust: 0.7
db:CNVDid:CNVD-2017-06945
Trust: 0.6
db:VULHUBid:VHN-110925
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-06945 // 
            
            
            
            VULHUB: VHN-110925 // 
            
            
            
            JVNDB: JVNDB-2017-010747 // 
            
            
            
            CNNVD: CNNVD-201705-647 // 
            
            
            
            NVD: CVE-2017-2722

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-pse-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2722
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2722
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170419-01-pse-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-06945 // 
            
            
            
            VULHUB: VHN-110925 // 
            
            
            
            JVNDB: JVNDB-2017-010747 // 
            
            
            
            CNNVD: CNNVD-201705-647 // 
            
            
            
            NVD: CVE-2017-2722

SOURCES
db:CNVDid:CNVD-2017-06945
db:VULHUBid:VHN-110925
db:JVNDBid:JVNDB-2017-010747
db:CNNVDid:CNNVD-201705-647
db:NVDid:CVE-2017-2722

LAST UPDATE DATE
2024-11-23T22:07:09.114000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-06945date:2017-05-18T00:00:00
db:VULHUBid:VHN-110925date:2017-12-11T00:00:00
db:JVNDBid:JVNDB-2017-010747date:2017-12-21T00:00:00
db:CNNVDid:CNNVD-201705-647date:2017-05-12T00:00:00
db:NVDid:CVE-2017-2722date:2024-11-21T03:24:03.187

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-06945date:2017-05-18T00:00:00
db:VULHUBid:VHN-110925date:2017-11-22T00:00:00
db:JVNDBid:JVNDB-2017-010747date:2017-12-21T00:00:00
db:CNNVDid:CNNVD-201705-647date:2017-05-12T00:00:00
db:NVDid:CVE-2017-2722date:2017-11-22T19:29:01.427