Details of VAR-201711-1014

ID

VAR-201711-1014

CVE

CVE-2017-8199

TITLE

plural Huawei Product out-of-bounds vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010446

DESCRIPTION

MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause process reboot. Huawei MAX PRESENCE , TP3106 ,and TP3206 Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Multiple Huawei products are prone to a remote denial-of-service vulnerability. Huawei MAX PRESENCE, TP3106 and TP3206 are all panoramic video conferencing solutions of China's Huawei (Huawei). H323 protocol is one of the video and audio communication protocols. The vulnerability is caused by the fact that the program does not fully verify data packets. An attacker who successfully logs in could exploit the vulnerability by sending a specially crafted packet to cause a process restart (out-of-bounds read)

Trust: 1.98

sources: NVD: CVE-2017-8199 // JVNDB: JVNDB-2017-010446 // BID: 101951 // VULHUB: VHN-116402

AFFECTED PRODUCTS

vendor:	huawei	model:	max presence	scope:	eq	version:	v100r001c00	Trust: 2.4
vendor:	huawei	model:	tp3106	scope:	eq	version:	v100r002c00	Trust: 2.4
vendor:	huawei	model:	tp3206	scope:	eq	version:	v100r002c00	Trust: 2.4
vendor:	huawei	model:	tp3206 v100r002c00	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	tp3106 v100r002c00	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	max presence v100r001c00	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	tp3206 v100r002c00spc800	scope:	ne	version:	-	Trust: 0.3

sources: BID: 101951 // JVNDB: JVNDB-2017-010446 // CNNVD: CNNVD-201711-939 // NVD: CVE-2017-8199

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-8199
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-8199
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201711-939
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-116402
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-8199
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-116402
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-8199
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-116402 // JVNDB: JVNDB-2017-010446 // CNNVD: CNNVD-201711-939 // NVD: CVE-2017-8199

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.9

sources: VULHUB: VHN-116402 // JVNDB: JVNDB-2017-010446 // NVD: CVE-2017-8199

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-939

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201711-939

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010446

PATCH

title:	huawei-sa-20170927-01-h323	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-h323-en	Trust: 0.8
title:	Huawei MAX PRESENCE , TP3106 and TP3206 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76649	Trust: 0.6

sources: JVNDB: JVNDB-2017-010446 // CNNVD: CNNVD-201711-939

EXTERNAL IDS

db:	NVD	id:	CVE-2017-8199	Trust: 2.8
db:	BID	id:	101951	Trust: 1.4
db:	JVNDB	id:	JVNDB-2017-010446	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-939	Trust: 0.7
db:	VULHUB	id:	VHN-116402	Trust: 0.1

sources: VULHUB: VHN-116402 // BID: 101951 // JVNDB: JVNDB-2017-010446 // CNNVD: CNNVD-201711-939 // NVD: CVE-2017-8199

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-h323-en	Trust: 2.0
url:	http://www.securityfocus.com/bid/101951	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8199	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8199	Trust: 0.8
url:	http://www.huawei.com/en/	Trust: 0.3

sources: VULHUB: VHN-116402 // BID: 101951 // JVNDB: JVNDB-2017-010446 // CNNVD: CNNVD-201711-939 // NVD: CVE-2017-8199

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 101951

SOURCES

db:	VULHUB	id:	VHN-116402
db:	BID	id:	101951
db:	JVNDB	id:	JVNDB-2017-010446
db:	CNNVD	id:	CNNVD-201711-939
db:	NVD	id:	CVE-2017-8199

LAST UPDATE DATE

2024-11-23T22:42:01.340000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-116402	date:	2017-12-06T00:00:00
db:	BID	id:	101951	date:	2017-12-19T22:00:00
db:	JVNDB	id:	JVNDB-2017-010446	date:	2017-12-14T00:00:00
db:	CNNVD	id:	CNNVD-201711-939	date:	2017-11-24T00:00:00
db:	NVD	id:	CVE-2017-8199	date:	2024-11-21T03:33:31.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-116402	date:	2017-11-22T00:00:00
db:	BID	id:	101951	date:	2017-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-010446	date:	2017-12-14T00:00:00
db:	CNNVD	id:	CNNVD-201711-939	date:	2017-11-24T00:00:00
db:	NVD	id:	CVE-2017-8199	date:	2017-11-22T19:29:04.977