Details of VAR-201711-0256

ID

VAR-201711-0256

CVE

CVE-2017-2690

TITLE

Huawei SoftCo And multiple eSpace Resource management vulnerabilities in product software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010598

DESCRIPTION

SoftCo with software V200R003C20,eSpace U1910 with software V200R003C00, V200R003C20 and V200R003C30,eSpace U1911 with software V200R003C20, V200R003C30,eSpace U1930 with software V200R003C20 and V200R003C30,eSpace U1960 with software V200R003C20, V200R003C30,eSpace U1980 with software V200R003C20, V200R003C30,eSpace U1981 with software V200R003C20 and V200R003C30 have an denial of service (DoS) vulnerability, which allow an attacker with specific permission to craft a file containing malicious data and upload it to the device to exhaust memory, causing a DoS condition. Huawei SoftCo And multiple eSpace There is a resource management vulnerability in the product software.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei SoftCo is a series of switch products from China Huawei. eSpace is a communication solution of Huawei. Multiple Huawei Products are prone to a local denial-of-service vulnerability. A local attacker can exploit this issue to cause a denial-of-service condition. The following products and versions are affected: Huawei SoftCo V200R003C20 Version; eSpace U1910 V200R003C00 Version, V200R003C20 Version, V200R003C30 Version; eSpace U1911 V200R003C20 Version, V200R003C30 Version; eSpace U1930 V200R003C20 Version, V200R003C30 Version; eSpace U1960 V200R003C20 Version, V200R003C30 Version; eSpace U1980 V200R003C20 version, V200R003C30 version; eSpace U1981 V200R003C20 version, V200R003C30 version

Trust: 2.52

sources: NVD: CVE-2017-2690 // JVNDB: JVNDB-2017-010598 // CNVD: CNVD-2017-00516 // BID: 95382 // VULHUB: VHN-110893

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-00516

AFFECTED PRODUCTS

vendor:	huawei	model:	espace u1911	scope:	eq	version:	v200r003c20	Trust: 2.4
vendor:	huawei	model:	espace u1911	scope:	eq	version:	v200r003c30	Trust: 2.4
vendor:	huawei	model:	espace u1930	scope:	eq	version:	v200r003c20	Trust: 2.4
vendor:	huawei	model:	espace u1930	scope:	eq	version:	v200r003c30	Trust: 2.4
vendor:	huawei	model:	espace u1960	scope:	eq	version:	v200r003c20	Trust: 2.4
vendor:	huawei	model:	espace u1960	scope:	eq	version:	v200r003c30	Trust: 2.4
vendor:	huawei	model:	espace u1980	scope:	eq	version:	v200r003c20	Trust: 2.4
vendor:	huawei	model:	espace u1980	scope:	eq	version:	v200r003c30	Trust: 2.4
vendor:	huawei	model:	espace u1981	scope:	eq	version:	v200r003c20	Trust: 2.4
vendor:	huawei	model:	espace u1981	scope:	eq	version:	v200r003c30	Trust: 2.4
vendor:	huawei	model:	espace u1910	scope:	eq	version:	v200r003c00	Trust: 1.8
vendor:	huawei	model:	espace u1910	scope:	eq	version:	v200r003c20	Trust: 1.8
vendor:	huawei	model:	espace u1910	scope:	eq	version:	v200r003c30	Trust: 1.8
vendor:	huawei	model:	softco	scope:	eq	version:	v200r003c20	Trust: 1.8
vendor:	huawei	model:	softco v200r003c20	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	espace u1910 v200r003c00	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	espace u1910 v200r003c20	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	espace u1910 v200r003c30	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	espace u1911 v200r003c20	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	espace u1911 v200r003c30	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	espace u1930 v200r003c20	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	espace u1930 v200r003c30	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	espace u1960 v200r003c20	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	espace u1960 v200r003c30	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	espace u1980 v200r003c20	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	espace u1980 v200r003c30	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	espace u1981 v200r003c30	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	espace u1981 v200r003c20	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	softco v200r003c30spc100	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	espace u1981 v200r003c30spc100	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	espace u1980 v200r003c30spc100	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	espace u1960 v200r003c30spc100	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	espace u1930 v200r003c30spc100	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	espace u1911 v200r003c30spc100	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	espace u1910 v200r003c30spc100	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2017-00516 // BID: 95382 // JVNDB: JVNDB-2017-010598 // CNNVD: CNNVD-201701-254 // NVD: CVE-2017-2690

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2690
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-2690
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-00516
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201701-254
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-110893
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-2690
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-00516
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-110893
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2690
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-00516 // VULHUB: VHN-110893 // JVNDB: JVNDB-2017-010598 // CNNVD: CNNVD-201701-254 // NVD: CVE-2017-2690

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.1
problemtype:	CWE-399	Trust: 0.9

sources: VULHUB: VHN-110893 // JVNDB: JVNDB-2017-010598 // NVD: CVE-2017-2690

THREAT TYPE

local

Trust: 0.9

sources: BID: 95382 // CNNVD: CNNVD-201701-254

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201701-254

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010598

PATCH

title:	huawei-sa-20170111-01-parser	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170111-01-parser-en	Trust: 0.8
title:	Patches for various Huawei Product Denial of Service Vulnerabilities (CNVD-2017-00516)	url:	https://www.cnvd.org.cn/patchInfo/show/88086	Trust: 0.6
title:	Various Huawei product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66957	Trust: 0.6

sources: CNVD: CNVD-2017-00516 // JVNDB: JVNDB-2017-010598 // CNNVD: CNNVD-201701-254

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2690	Trust: 3.4
db:	BID	id:	95382	Trust: 2.6
db:	JVNDB	id:	JVNDB-2017-010598	Trust: 0.8
db:	CNNVD	id:	CNNVD-201701-254	Trust: 0.7
db:	CNVD	id:	CNVD-2017-00516	Trust: 0.6
db:	VULHUB	id:	VHN-110893	Trust: 0.1

sources: CNVD: CNVD-2017-00516 // VULHUB: VHN-110893 // BID: 95382 // JVNDB: JVNDB-2017-010598 // CNNVD: CNNVD-201701-254 // NVD: CVE-2017-2690

REFERENCES

url:	http://www.securityfocus.com/bid/95382	Trust: 2.3
url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170111-01-parser-en	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2690	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2690	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170111-01-parser-cn	Trust: 0.6
url:	http://www.huawei.com	Trust: 0.3

sources: CNVD: CNVD-2017-00516 // VULHUB: VHN-110893 // BID: 95382 // JVNDB: JVNDB-2017-010598 // CNNVD: CNNVD-201701-254 // NVD: CVE-2017-2690

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 95382

SOURCES

db:	CNVD	id:	CNVD-2017-00516
db:	VULHUB	id:	VHN-110893
db:	BID	id:	95382
db:	JVNDB	id:	JVNDB-2017-010598
db:	CNNVD	id:	CNNVD-201701-254
db:	NVD	id:	CVE-2017-2690

LAST UPDATE DATE

2024-11-23T22:22:22.663000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-00516	date:	2017-01-17T00:00:00
db:	VULHUB	id:	VHN-110893	date:	2019-10-03T00:00:00
db:	BID	id:	95382	date:	2017-01-12T00:15:00
db:	JVNDB	id:	JVNDB-2017-010598	date:	2017-12-20T00:00:00
db:	CNNVD	id:	CNNVD-201701-254	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-2690	date:	2024-11-21T03:23:59.170

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-00516	date:	2017-01-17T00:00:00
db:	VULHUB	id:	VHN-110893	date:	2017-11-22T00:00:00
db:	BID	id:	95382	date:	2017-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2017-010598	date:	2017-12-20T00:00:00
db:	CNNVD	id:	CNNVD-201701-254	date:	2017-01-12T00:00:00
db:	NVD	id:	CVE-2017-2690	date:	2017-11-22T19:29:00.257