Sign-up

ID

VAR-201711-0930


CVE

CVE-2017-8167


TITLE

Huawei Firewall products USG9500 Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010800

DESCRIPTION

Huawei firewall products USG9500 V500R001C50 has a DoS vulnerability.A remote attacker who controls the peer device could exploit the vulnerability by sending malformed IKE packets to the target device. Successful exploit of the vulnerability could cause the device to restart. Huawei Firewall products USG9500 Contains an input validation vulnerability.Denial of service (DoS) May be in a state. Huawei USG9500 is a firewall product of China Huawei (Huawei). There is a denial of service vulnerability in the Huawei USG9500 V500R001C50 version. The vulnerability is caused by the program not fully performing input validation

Trust: 1.71

sources: NVD: CVE-2017-8167 // JVNDB: JVNDB-2017-010800 // VULHUB: VHN-116370

AFFECTED PRODUCTS

vendor:huaweimodel:usg9500scope:eqversion:v500r001c50

Trust: 2.4

sources: JVNDB: JVNDB-2017-010800 // CNNVD: CNNVD-201711-966 // NVD: CVE-2017-8167

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8167
value: HIGH

Trust: 1.0

NVD: CVE-2017-8167
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201711-966
value: HIGH

Trust: 0.6

VULHUB: VHN-116370
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-8167
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-116370
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8167
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-116370 // JVNDB: JVNDB-2017-010800 // CNNVD: CNNVD-201711-966 // NVD: CVE-2017-8167

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-116370 // JVNDB: JVNDB-2017-010800 // NVD: CVE-2017-8167

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-966

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201711-966

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010800

PATCH
title:huawei-sa-20171025-01-firewallurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-firewall-en
Trust: 0.8
title:Huawei USG9500 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76676
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-010800 // 
            
            
            
            CNNVD: CNNVD-201711-966

EXTERNAL IDS
db:NVDid:CVE-2017-8167
Trust: 2.5
db:JVNDBid:JVNDB-2017-010800
Trust: 0.8
db:CNNVDid:CNNVD-201711-966
Trust: 0.6
db:VULHUBid:VHN-116370
Trust: 0.1
sources:
            
            
            VULHUB: VHN-116370 // 
            
            
            
            JVNDB: JVNDB-2017-010800 // 
            
            
            
            CNNVD: CNNVD-201711-966 // 
            
            
            
            NVD: CVE-2017-8167

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-firewall-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8167
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-8167
Trust: 0.8
sources:
            
            
            VULHUB: VHN-116370 // 
            
            
            
            JVNDB: JVNDB-2017-010800 // 
            
            
            
            CNNVD: CNNVD-201711-966 // 
            
            
            
            NVD: CVE-2017-8167

SOURCES
db:VULHUBid:VHN-116370
db:JVNDBid:JVNDB-2017-010800
db:CNNVDid:CNNVD-201711-966
db:NVDid:CVE-2017-8167

LAST UPDATE DATE
2024-11-23T22:42:01.448000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-116370date:2017-12-12T00:00:00
db:JVNDBid:JVNDB-2017-010800date:2017-12-25T00:00:00
db:CNNVDid:CNNVD-201711-966date:2017-11-23T00:00:00
db:NVDid:CVE-2017-8167date:2024-11-21T03:33:27.410

SOURCES RELEASE DATE
db:VULHUBid:VHN-116370date:2017-11-22T00:00:00
db:JVNDBid:JVNDB-2017-010800date:2017-12-25T00:00:00
db:CNNVDid:CNNVD-201711-966date:2017-11-23T00:00:00
db:NVDid:CVE-2017-8167date:2017-11-22T19:29:03.867