Sign-up

ID

VAR-201802-0241


CVE

CVE-2017-15355


TITLE

plural Huawei Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012297

DESCRIPTION

Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00,V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00,V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50,V500R002C00, V600R006C00 have a buffer overflow vulnerability. An attacker may send specially crafted HTTP messages to the affected products. Due insufficient input validation of three different parameters in the messages, successful exploit may cause some service abnormal. plural Huawei The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300, RP200, TE series and TX50 are Huawei's integrated desktop telepresence products and high-definition video conferencing terminal products for high-end customers. A buffer overflow vulnerability exists in several Huawei products because the device failed to adequately verify the parameters in the message. The exploit exploited this vulnerability through a carefully constructed HTTP message to cause some service exceptions. The Huawei DP300 and others are all products of China's Huawei (Huawei). DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TX50 V500R002C00 version, V600R006C00 version

Trust: 2.25

sources: NVD: CVE-2017-15355 // JVNDB: JVNDB-2017-012297 // CNVD: CNVD-2017-34415 // VULHUB: VHN-106169

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-34415

AFFECTED PRODUCTS

vendor:huaweimodel:te40scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te50scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v100r001c10

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:tx50scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te40scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te50scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:tx50scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v100r001c10

Trust: 1.0

vendor:huaweimodel:rp200scope:eqversion:v600r006c00

Trust: 1.0

vendor:huaweimodel:dp300scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:te30scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:dp300scope: - version: -

Trust: 0.8

vendor:huaweimodel:rp200scope: - version: -

Trust: 0.8

vendor:huaweimodel:te30scope: - version: -

Trust: 0.8

vendor:huaweimodel:te40scope: - version: -

Trust: 0.8

vendor:huaweimodel:te50scope: - version: -

Trust: 0.8

vendor:huaweimodel:te60scope: - version: -

Trust: 0.8

vendor:huaweimodel:tx50scope: - version: -

Trust: 0.8

vendor:huaweimodel:dp300 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:tx50 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:tx50 v600r006c00scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-34415 // JVNDB: JVNDB-2017-012297 // CNNVD: CNNVD-201802-459 // NVD: CVE-2017-15355

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-15355
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-15355
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-34415
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201802-459
value: MEDIUM

Trust: 0.6

VULHUB: VHN-106169
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-15355
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-34415
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-106169
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-15355
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-34415 // VULHUB: VHN-106169 // JVNDB: JVNDB-2017-012297 // CNNVD: CNNVD-201802-459 // NVD: CVE-2017-15355

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-106169 // JVNDB: JVNDB-2017-012297 // NVD: CVE-2017-15355

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-459

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201802-459

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012297

PATCH
title:huawei-sa-20171108-02-httpurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-02-http-en
Trust: 0.8
title:Patch for multiple Huawei product buffer overflow vulnerabilities (CNVD-2017-34415)url:https://www.cnvd.org.cn/patchInfo/show/106298
Trust: 0.6
title:Multiple Huawei Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78538
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-34415 // 
            
            
            
            JVNDB: JVNDB-2017-012297 // 
            
            
            
            CNNVD: CNNVD-201802-459

EXTERNAL IDS
db:NVDid:CVE-2017-15355
Trust: 3.1
db:JVNDBid:JVNDB-2017-012297
Trust: 0.8
db:CNNVDid:CNNVD-201802-459
Trust: 0.7
db:CNVDid:CNVD-2017-34415
Trust: 0.6
db:VULHUBid:VHN-106169
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-34415 // 
            
            
            
            VULHUB: VHN-106169 // 
            
            
            
            JVNDB: JVNDB-2017-012297 // 
            
            
            
            CNNVD: CNNVD-201802-459 // 
            
            
            
            NVD: CVE-2017-15355

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-02-http-en
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15355
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-15355
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171108-02-http-cn
Trust: 0.6
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-02- link :http-en
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-34415 // 
            
            
            
            VULHUB: VHN-106169 // 
            
            
            
            JVNDB: JVNDB-2017-012297 // 
            
            
            
            CNNVD: CNNVD-201802-459 // 
            
            
            
            NVD: CVE-2017-15355

SOURCES
db:CNVDid:CNVD-2017-34415
db:VULHUBid:VHN-106169
db:JVNDBid:JVNDB-2017-012297
db:CNNVDid:CNNVD-201802-459
db:NVDid:CVE-2017-15355

LAST UPDATE DATE
2024-11-23T22:17:39.657000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-34415date:2017-11-17T00:00:00
db:VULHUBid:VHN-106169date:2018-02-22T00:00:00
db:JVNDBid:JVNDB-2017-012297date:2018-03-06T00:00:00
db:CNNVDid:CNNVD-201802-459date:2018-02-23T00:00:00
db:NVDid:CVE-2017-15355date:2024-11-21T03:14:32.037

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-34415date:2017-11-26T00:00:00
db:VULHUBid:VHN-106169date:2018-02-15T00:00:00
db:JVNDBid:JVNDB-2017-012297date:2018-03-06T00:00:00
db:CNNVDid:CNNVD-201802-459date:2018-02-23T00:00:00
db:NVDid:CVE-2017-15355date:2018-02-15T16:29:01.500