Sign-up

ID

VAR-201711-1028


CVE

CVE-2017-8213


TITLE

Huawei SMC2.0 Certificate validation vulnerability in other software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010590

DESCRIPTION

Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00 has an input validation vulnerability when handle TLS and DTLS handshake with certificate. Due to the insufficient validation of received PKI certificates, remote attackers could exploit this vulnerability to crash the TLS module. Multiple Huawei products are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Huawei SMC2.0 is a set of video management solutions of China Huawei (Huawei). The solution supports H.323 and SIP two mainstream protocols at the same time, and supports the access of devices such as computers and mobile phones. The following versions are affected: Huawei SMC2.0 V100R003C10 Version, V100R005C00SPC100 Version, V100R005C00SPC101B001T Version, V100R005C00SPC102 Version, V100R005C00SPC103 Version, V100R005C00SPC200 Version, V100R005C00SPC201T Version, V500R002C00 Version, V600R006C00 Version

Trust: 1.98

sources: NVD: CVE-2017-8213 // JVNDB: JVNDB-2017-010590 // BID: 100350 // VULHUB: VHN-116416

AFFECTED PRODUCTS

vendor:huaweimodel:smc2.0scope:eqversion:v100r003c10

Trust: 2.4

vendor:huaweimodel:smc2.0scope:eqversion:v100r005c00spc100

Trust: 2.4

vendor:huaweimodel:smc2.0scope:eqversion:v100r005c00spc101b001t

Trust: 2.4

vendor:huaweimodel:smc2.0scope:eqversion:v100r005c00spc102

Trust: 2.4

vendor:huaweimodel:smc2.0scope:eqversion:v100r005c00spc103

Trust: 2.4

vendor:huaweimodel:smc2.0scope:eqversion:v100r005c00spc200

Trust: 2.4

vendor:huaweimodel:smc2.0scope:eqversion:v100r005c00spc201t

Trust: 2.4

vendor:huaweimodel:smc2.0scope:eqversion:v500r002c00

Trust: 2.4

vendor:huaweimodel:smc2.0scope:eqversion:v600r006c00

Trust: 2.4

vendor:huaweimodel:smc2.0 v600r006c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:smc2.0 v500r002c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:smc2.0 v100r005c00spc201tscope: - version: -

Trust: 0.3

vendor:huaweimodel:smc2.0 v100r005c00spc200scope: - version: -

Trust: 0.3

vendor:huaweimodel:smc2.0 v100r005c00spc103scope: - version: -

Trust: 0.3

vendor:huaweimodel:smc2.0 v100r005c00spc102scope: - version: -

Trust: 0.3

vendor:huaweimodel:smc2.0 v100r005c00spc100scope: - version: -

Trust: 0.3

vendor:huaweimodel:smc2.0 v100r003c10scope: - version: -

Trust: 0.3

vendor:huaweimodel:smc2.0 v600r006c00spc300scope:neversion: -

Trust: 0.3

vendor:huaweimodel:smc2.0 v500r002c00spcc00scope:neversion: -

Trust: 0.3

sources: BID: 100350 // JVNDB: JVNDB-2017-010590 // CNNVD: CNNVD-201707-653 // NVD: CVE-2017-8213

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8213
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-8213
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201707-653
value: MEDIUM

Trust: 0.6

VULHUB: VHN-116416
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-8213
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-116416
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8213
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-116416 // JVNDB: JVNDB-2017-010590 // CNNVD: CNNVD-201707-653 // NVD: CVE-2017-8213

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.9

sources: VULHUB: VHN-116416 // JVNDB: JVNDB-2017-010590 // NVD: CVE-2017-8213

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-653

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201707-653

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010590

PATCH
title:huawei-sa-20170705-01-tlsurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170705-01-tls-en
Trust: 0.8
title:Huawei SMC2.0 Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71751
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-010590 // 
            
            
            
            CNNVD: CNNVD-201707-653

EXTERNAL IDS
db:NVDid:CVE-2017-8213
Trust: 2.8
db:JVNDBid:JVNDB-2017-010590
Trust: 0.8
db:CNNVDid:CNNVD-201707-653
Trust: 0.7
db:BIDid:100350
Trust: 0.4
db:VULHUBid:VHN-116416
Trust: 0.1
sources:
            
            
            VULHUB: VHN-116416 // 
            
            
            
            BID: 100350 // 
            
            
            
            JVNDB: JVNDB-2017-010590 // 
            
            
            
            CNNVD: CNNVD-201707-653 // 
            
            
            
            NVD: CVE-2017-8213

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170705-01-tls-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8213
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-8213
Trust: 0.8
url:http://www.huawei.com/en/
Trust: 0.3
url:http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170705-01-tls-en
Trust: 0.3
sources:
            
            
            VULHUB: VHN-116416 // 
            
            
            
            BID: 100350 // 
            
            
            
            JVNDB: JVNDB-2017-010590 // 
            
            
            
            CNNVD: CNNVD-201707-653 // 
            
            
            
            NVD: CVE-2017-8213

CREDITS
Huawei
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201707-653

SOURCES
db:VULHUBid:VHN-116416
db:BIDid:100350
db:JVNDBid:JVNDB-2017-010590
db:CNNVDid:CNNVD-201707-653
db:NVDid:CVE-2017-8213

LAST UPDATE DATE
2024-11-23T23:02:19.086000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-116416date:2017-12-08T00:00:00
db:BIDid:100350date:2017-07-05T00:00:00
db:JVNDBid:JVNDB-2017-010590date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201707-653date:2017-07-17T00:00:00
db:NVDid:CVE-2017-8213date:2024-11-21T03:33:32.940

SOURCES RELEASE DATE
db:VULHUBid:VHN-116416date:2017-11-22T00:00:00
db:BIDid:100350date:2017-07-05T00:00:00
db:JVNDBid:JVNDB-2017-010590date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201707-653date:2017-07-17T00:00:00
db:NVDid:CVE-2017-8213date:2017-11-22T19:29:05.477