Sign-up

ID

VAR-201802-0259


CVE

CVE-2017-17288


TITLE

plural Huawei Product integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012471

DESCRIPTION

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. An unauthenticated, remote attacker may send specially crafted messages to the affected products. Due to insufficient input validation, successful exploit may cause integer overflow and some process abnormal. plural Huawei The product contains an integer overflow vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Huawei DP300, RP200, and TE series are integrated desktop telepresence and integrated video conferencing terminal products of China Huawei. An integer overflow vulnerability exists in several Huawei products because the device failed to adequately verify some of the fields in the message. The Huawei DP300 and others are all products of China's Huawei (Huawei). DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, Version V600R006C00

Trust: 2.25

sources: NVD: CVE-2017-17288 // JVNDB: JVNDB-2017-012471 // CNVD: CNVD-2018-02553 // VULHUB: VHN-108295

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-02553

AFFECTED PRODUCTS

vendor:huaweimodel:te30scope:eqversion:v100r001c10

Trust: 2.4

vendor:huaweimodel:te30scope:eqversion:v500r002c00

Trust: 2.4

vendor:huaweimodel:te30scope:eqversion:v600r006c00

Trust: 2.4

vendor:huaweimodel:te40scope:eqversion:v500r002c00

Trust: 2.4

vendor:huaweimodel:te40scope:eqversion:v600r006c00

Trust: 2.4

vendor:huaweimodel:te50scope:eqversion:v500r002c00

Trust: 2.4

vendor:huaweimodel:te50scope:eqversion:v600r006c00

Trust: 2.4

vendor:huaweimodel:te60scope:eqversion:v100r001c10

Trust: 2.4

vendor:huaweimodel:te60scope:eqversion:v500r002c00

Trust: 2.4

vendor:huaweimodel:te60scope:eqversion:v600r006c00

Trust: 2.4

vendor:huaweimodel:dp300scope:eqversion:v500r002c00

Trust: 1.8

vendor:huaweimodel:rp200scope:eqversion:v500r002c00

Trust: 1.8

vendor:huaweimodel:rp200scope:eqversion:v600r006c00

Trust: 1.8

vendor:huaweimodel:dp300 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v600r006c00scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-02553 // JVNDB: JVNDB-2017-012471 // CNNVD: CNNVD-201802-454 // NVD: CVE-2017-17288

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17288
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17288
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-02553
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201802-454
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108295
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17288
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-02553
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108295
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17288
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-02553 // VULHUB: VHN-108295 // JVNDB: JVNDB-2017-012471 // CNNVD: CNNVD-201802-454 // NVD: CVE-2017-17288

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.9

sources: VULHUB: VHN-108295 // JVNDB: JVNDB-2017-012471 // NVD: CVE-2017-17288

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-454

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201802-454

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012471

PATCH
title:huawei-sa-20180131-01-integerurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180131-01-integer-en
Trust: 0.8
title:Patches for multiple Huawei product integer overflow vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/115333
Trust: 0.6
title:Multiple Huawei Product digital error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78533
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-02553 // 
            
            
            
            JVNDB: JVNDB-2017-012471 // 
            
            
            
            CNNVD: CNNVD-201802-454

EXTERNAL IDS
db:NVDid:CVE-2017-17288
Trust: 3.1
db:JVNDBid:JVNDB-2017-012471
Trust: 0.8
db:CNNVDid:CNNVD-201802-454
Trust: 0.7
db:CNVDid:CNVD-2018-02553
Trust: 0.6
db:VULHUBid:VHN-108295
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-02553 // 
            
            
            
            VULHUB: VHN-108295 // 
            
            
            
            JVNDB: JVNDB-2017-012471 // 
            
            
            
            CNNVD: CNNVD-201802-454 // 
            
            
            
            NVD: CVE-2017-17288

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180131-01-integer-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17288
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17288
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180131-01-integer-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-02553 // 
            
            
            
            VULHUB: VHN-108295 // 
            
            
            
            JVNDB: JVNDB-2017-012471 // 
            
            
            
            CNNVD: CNNVD-201802-454 // 
            
            
            
            NVD: CVE-2017-17288

SOURCES
db:CNVDid:CNVD-2018-02553
db:VULHUBid:VHN-108295
db:JVNDBid:JVNDB-2017-012471
db:CNNVDid:CNNVD-201802-454
db:NVDid:CVE-2017-17288

LAST UPDATE DATE
2024-11-23T21:53:27.045000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-02553date:2018-02-01T00:00:00
db:VULHUBid:VHN-108295date:2018-02-26T00:00:00
db:JVNDBid:JVNDB-2017-012471date:2018-03-09T00:00:00
db:CNNVDid:CNNVD-201802-454date:2018-02-22T00:00:00
db:NVDid:CVE-2017-17288date:2024-11-21T03:17:45.487

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-02553date:2018-02-01T00:00:00
db:VULHUBid:VHN-108295date:2018-02-15T00:00:00
db:JVNDBid:JVNDB-2017-012471date:2018-03-09T00:00:00
db:CNNVDid:CNNVD-201802-454date:2018-02-22T00:00:00
db:NVDid:CVE-2017-17288date:2018-02-15T16:29:02.953