Sign-up

ID

VAR-201802-0242


CVE

CVE-2017-15356


TITLE

plural Huawei Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012298

DESCRIPTION

Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00,V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00,V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50,V500R002C00, V600R006C00 have a buffer overflow vulnerability. An attacker may send specially crafted HTTP messages to the affected products. Due insufficient input validation of three different parameters in the messages, successful exploit may cause some service abnormal. plural Huawei The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300, RP200, TE series and TX50 are Huawei's integrated desktop telepresence products and high-definition video conferencing terminal products for high-end customers. A buffer overflow vulnerability exists in several Huawei products because the device failed to adequately verify the parameters in the message. The exploit exploited this vulnerability through a carefully constructed HTTP message to cause some service exceptions. The Huawei DP300 and others are all products of China's Huawei (Huawei). DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TX50 V500R002C00 version, V600R006C00 version

Trust: 2.25

sources: NVD: CVE-2017-15356 // JVNDB: JVNDB-2017-012298 // CNVD: CNVD-2017-34416 // VULHUB: VHN-106170

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-34416

AFFECTED PRODUCTS

vendor:huaweimodel:te40scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te50scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v100r001c10

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:tx50scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te40scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te50scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:tx50scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v100r001c10

Trust: 1.0

vendor:huaweimodel:rp200scope:eqversion:v600r006c00

Trust: 1.0

vendor:huaweimodel:dp300scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:te30scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:dp300scope: - version: -

Trust: 0.8

vendor:huaweimodel:rp200scope: - version: -

Trust: 0.8

vendor:huaweimodel:te30scope: - version: -

Trust: 0.8

vendor:huaweimodel:te40scope: - version: -

Trust: 0.8

vendor:huaweimodel:te50scope: - version: -

Trust: 0.8

vendor:huaweimodel:te60scope: - version: -

Trust: 0.8

vendor:huaweimodel:tx50scope: - version: -

Trust: 0.8

vendor:huaweimodel:dp300 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:tx50 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:tx50 v600r006c00scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-34416 // JVNDB: JVNDB-2017-012298 // CNNVD: CNNVD-201802-458 // NVD: CVE-2017-15356

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-15356
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-15356
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-34416
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201802-458
value: MEDIUM

Trust: 0.6

VULHUB: VHN-106170
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-15356
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-34416
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-106170
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-15356
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-34416 // VULHUB: VHN-106170 // JVNDB: JVNDB-2017-012298 // CNNVD: CNNVD-201802-458 // NVD: CVE-2017-15356

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-106170 // JVNDB: JVNDB-2017-012298 // NVD: CVE-2017-15356

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-458

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201802-458

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012298

PATCH
title:huawei-sa-20171108-02-httpurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-02-http-en
Trust: 0.8
title:Patch for multiple Huawei product buffer overflow vulnerabilities (CNVD-2017-34416)url:https://www.cnvd.org.cn/patchInfo/show/106299
Trust: 0.6
title:Multiple Huawei Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78537
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-34416 // 
            
            
            
            JVNDB: JVNDB-2017-012298 // 
            
            
            
            CNNVD: CNNVD-201802-458

EXTERNAL IDS
db:NVDid:CVE-2017-15356
Trust: 3.1
db:JVNDBid:JVNDB-2017-012298
Trust: 0.8
db:CNNVDid:CNNVD-201802-458
Trust: 0.7
db:CNVDid:CNVD-2017-34416
Trust: 0.6
db:VULHUBid:VHN-106170
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-34416 // 
            
            
            
            VULHUB: VHN-106170 // 
            
            
            
            JVNDB: JVNDB-2017-012298 // 
            
            
            
            CNNVD: CNNVD-201802-458 // 
            
            
            
            NVD: CVE-2017-15356

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-02-http-en
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15356
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-15356
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171108-02-http-cn
Trust: 0.6
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-02- link :http-en
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-34416 // 
            
            
            
            VULHUB: VHN-106170 // 
            
            
            
            JVNDB: JVNDB-2017-012298 // 
            
            
            
            CNNVD: CNNVD-201802-458 // 
            
            
            
            NVD: CVE-2017-15356

SOURCES
db:CNVDid:CNVD-2017-34416
db:VULHUBid:VHN-106170
db:JVNDBid:JVNDB-2017-012298
db:CNNVDid:CNNVD-201802-458
db:NVDid:CVE-2017-15356

LAST UPDATE DATE
2024-11-23T21:39:47.749000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-34416date:2017-11-17T00:00:00
db:VULHUBid:VHN-106170date:2018-02-22T00:00:00
db:JVNDBid:JVNDB-2017-012298date:2018-03-06T00:00:00
db:CNNVDid:CNNVD-201802-458date:2018-02-23T00:00:00
db:NVDid:CVE-2017-15356date:2024-11-21T03:14:32.163

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-34416date:2017-11-17T00:00:00
db:VULHUBid:VHN-106170date:2018-02-15T00:00:00
db:JVNDBid:JVNDB-2017-012298date:2018-03-06T00:00:00
db:CNNVDid:CNNVD-201802-458date:2018-02-23T00:00:00
db:NVDid:CVE-2017-15356date:2018-02-15T16:29:01.547