Details of VAR-201711-1015

ID

VAR-201711-1015

CVE

CVE-2017-8200

TITLE

plural Huawei Product out-of-bounds vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010447

DESCRIPTION

MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause process reboot. Huawei MAX PRESENCE , TP3106 ,and TP3206 Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Multiple Huawei products are prone to a remote denial-of-service vulnerability. Huawei MAX PRESENCE, TP3106 and TP3206 are all panoramic video conferencing solutions of China's Huawei (Huawei). H323 protocol is one of the video and audio communication protocols. The vulnerability is caused by the fact that the program does not fully verify data packets. An attacker who successfully logs in could exploit the vulnerability by sending a specially crafted packet to cause a process restart (out-of-bounds read)

Trust: 1.98

sources: NVD: CVE-2017-8200 // JVNDB: JVNDB-2017-010447 // BID: 101948 // VULHUB: VHN-116403

AFFECTED PRODUCTS

vendor:	huawei	model:	max presence	scope:	eq	version:	v100r001c00	Trust: 2.4
vendor:	huawei	model:	tp3106	scope:	eq	version:	v100r002c00	Trust: 2.4
vendor:	huawei	model:	tp3206	scope:	eq	version:	v100r002c00	Trust: 2.4
vendor:	huawei	model:	tp3206 v100r002c00	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	tp3106 v100r002c00	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	max presence v100r001c00	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	tp3206 v100r002c00spc800	scope:	ne	version:	-	Trust: 0.3

sources: BID: 101948 // JVNDB: JVNDB-2017-010447 // CNNVD: CNNVD-201711-938 // NVD: CVE-2017-8200

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-8200
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-8200
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201711-938
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-116403
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-8200
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-116403
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-8200
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-116403 // JVNDB: JVNDB-2017-010447 // CNNVD: CNNVD-201711-938 // NVD: CVE-2017-8200

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.9

sources: VULHUB: VHN-116403 // JVNDB: JVNDB-2017-010447 // NVD: CVE-2017-8200

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-938

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201711-938

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010447

PATCH

title:	huawei-sa-20170927-01-h323	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-h323-en	Trust: 0.8
title:	Huawei MAX PRESENCE , TP3106 and TP3206 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76648	Trust: 0.6

sources: JVNDB: JVNDB-2017-010447 // CNNVD: CNNVD-201711-938

EXTERNAL IDS

db:	NVD	id:	CVE-2017-8200	Trust: 2.8
db:	BID	id:	101948	Trust: 1.4
db:	JVNDB	id:	JVNDB-2017-010447	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-938	Trust: 0.7
db:	VULHUB	id:	VHN-116403	Trust: 0.1

sources: VULHUB: VHN-116403 // BID: 101948 // JVNDB: JVNDB-2017-010447 // CNNVD: CNNVD-201711-938 // NVD: CVE-2017-8200

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-h323-en	Trust: 2.0
url:	http://www.securityfocus.com/bid/101948	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8200	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8200	Trust: 0.8
url:	http://www.huawei.com/en/	Trust: 0.3

sources: VULHUB: VHN-116403 // BID: 101948 // JVNDB: JVNDB-2017-010447 // CNNVD: CNNVD-201711-938 // NVD: CVE-2017-8200

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 101948

SOURCES

db:	VULHUB	id:	VHN-116403
db:	BID	id:	101948
db:	JVNDB	id:	JVNDB-2017-010447
db:	CNNVD	id:	CNNVD-201711-938
db:	NVD	id:	CVE-2017-8200

LAST UPDATE DATE

2024-11-23T22:07:07.513000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-116403	date:	2017-12-06T00:00:00
db:	BID	id:	101948	date:	2017-12-19T22:37:00
db:	JVNDB	id:	JVNDB-2017-010447	date:	2017-12-14T00:00:00
db:	CNNVD	id:	CNNVD-201711-938	date:	2017-11-24T00:00:00
db:	NVD	id:	CVE-2017-8200	date:	2024-11-21T03:33:31.320

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-116403	date:	2017-11-22T00:00:00
db:	BID	id:	101948	date:	2017-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-010447	date:	2017-12-14T00:00:00
db:	CNNVD	id:	CNNVD-201711-938	date:	2017-11-24T00:00:00
db:	NVD	id:	CVE-2017-8200	date:	2017-11-22T19:29:05.023