Details of VAR-201802-0260

ID

VAR-201802-0260

CVE

CVE-2017-17289

TITLE

plural Huawei Resource management vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-012472

DESCRIPTION

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. The software does not release allocated memory properly when handling XML data. An authenticated, local attacker could upload crafted XML file repeatedly to cause memory leak and service abnormal. plural Huawei The product contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Huawei DP300, RP200, and TE series are integrated desktop telepresence and integrated video conferencing terminal products of China Huawei. The Huawei DP300 and others are all products of China's Huawei (Huawei). DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, Version V600R006C00

Trust: 2.25

sources: NVD: CVE-2017-17289 // JVNDB: JVNDB-2017-012472 // CNVD: CNVD-2018-02543 // VULHUB: VHN-108296

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-02543

AFFECTED PRODUCTS

vendor:	huawei	model:	te30	scope:	eq	version:	v100r001c10	Trust: 2.4
vendor:	huawei	model:	te30	scope:	eq	version:	v500r002c00	Trust: 2.4
vendor:	huawei	model:	te30	scope:	eq	version:	v600r006c00	Trust: 2.4
vendor:	huawei	model:	te40	scope:	eq	version:	v500r002c00	Trust: 2.4
vendor:	huawei	model:	te40	scope:	eq	version:	v600r006c00	Trust: 2.4
vendor:	huawei	model:	te50	scope:	eq	version:	v500r002c00	Trust: 2.4
vendor:	huawei	model:	te50	scope:	eq	version:	v600r006c00	Trust: 2.4
vendor:	huawei	model:	te60	scope:	eq	version:	v100r001c10	Trust: 2.4
vendor:	huawei	model:	te60	scope:	eq	version:	v500r002c00	Trust: 2.4
vendor:	huawei	model:	te60	scope:	eq	version:	v600r006c00	Trust: 2.4
vendor:	huawei	model:	dp300	scope:	eq	version:	v500r002c00	Trust: 1.8
vendor:	huawei	model:	rp200	scope:	eq	version:	v500r002c00	Trust: 1.8
vendor:	huawei	model:	rp200	scope:	eq	version:	v600r006c00	Trust: 1.8
vendor:	huawei	model:	dp300 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	rp200 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	rp200 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v600r006c00	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-02543 // JVNDB: JVNDB-2017-012472 // CNNVD: CNNVD-201802-453 // NVD: CVE-2017-17289

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-17289
value:	LOW
Trust: 1.0
NVD:	CVE-2017-17289
value:	LOW
Trust: 0.8
CNVD:	CNVD-2018-02543
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201802-453
value:	LOW
Trust: 0.6
VULHUB:	VHN-108296
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-17289
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-02543
severity:	LOW
baseScore:	1.7
vectorString:	AV:L/AC:L/AU:S/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.1
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-108296
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-17289
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-02543 // VULHUB: VHN-108296 // JVNDB: JVNDB-2017-012472 // CNNVD: CNNVD-201802-453 // NVD: CVE-2017-17289

PROBLEMTYPE DATA

problemtype:	CWE-772	Trust: 1.1
problemtype:	CWE-399	Trust: 0.9

sources: VULHUB: VHN-108296 // JVNDB: JVNDB-2017-012472 // NVD: CVE-2017-17289

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201802-453

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201802-453

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012472

PATCH

title:	huawei-sa-20180124-01-xml	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-xml-en	Trust: 0.8
title:	Patch of several Huawei product memory leak vulnerabilities (CNVD-2018-02543)	url:	https://www.cnvd.org.cn/patchInfo/show/115273	Trust: 0.6
title:	Multiple Huawei Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78532	Trust: 0.6

sources: CNVD: CNVD-2018-02543 // JVNDB: JVNDB-2017-012472 // CNNVD: CNNVD-201802-453

EXTERNAL IDS

db:	NVD	id:	CVE-2017-17289	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-012472	Trust: 0.8
db:	CNNVD	id:	CNNVD-201802-453	Trust: 0.7
db:	CNVD	id:	CNVD-2018-02543	Trust: 0.6
db:	VULHUB	id:	VHN-108296	Trust: 0.1

sources: CNVD: CNVD-2018-02543 // VULHUB: VHN-108296 // JVNDB: JVNDB-2017-012472 // CNNVD: CNNVD-201802-453 // NVD: CVE-2017-17289

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-xml-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17289	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17289	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20180124-01-xml-cn	Trust: 0.6

sources: CNVD: CNVD-2018-02543 // VULHUB: VHN-108296 // JVNDB: JVNDB-2017-012472 // CNNVD: CNNVD-201802-453 // NVD: CVE-2017-17289

SOURCES

db:	CNVD	id:	CNVD-2018-02543
db:	VULHUB	id:	VHN-108296
db:	JVNDB	id:	JVNDB-2017-012472
db:	CNNVD	id:	CNNVD-201802-453
db:	NVD	id:	CVE-2017-17289

LAST UPDATE DATE

2024-11-23T22:07:00.066000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-02543	date:	2018-02-01T00:00:00
db:	VULHUB	id:	VHN-108296	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-012472	date:	2018-03-09T00:00:00
db:	CNNVD	id:	CNNVD-201802-453	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-17289	date:	2024-11-21T03:17:45.610

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-02543	date:	2018-02-01T00:00:00
db:	VULHUB	id:	VHN-108296	date:	2018-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-012472	date:	2018-03-09T00:00:00
db:	CNNVD	id:	CNNVD-201802-453	date:	2018-02-22T00:00:00
db:	NVD	id:	CVE-2017-17289	date:	2018-02-15T16:29:03.017