Sign-up

ID

VAR-201802-0261


CVE

CVE-2017-17290


TITLE

Huawei TE60 and ViewPoint 9030 Software management resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012524

DESCRIPTION

The Light Directory Access Protocol (LDAP) clients of Huawei TE60 with software V600R006C00, ViewPoint 9030 with software V100R011C02, V100R011C03 have a resource management errors vulnerability. An unauthenticated, remote attacker may make the LDAP server not respond to the client's request by controlling the LDAP server. Due to improper management of LDAP connection resource, a successful exploit may cause the connection resource exhausted of the LDAP client. Both Huawei TE60 and ViewPoint 9030 are products of the Chinese company Huawei. Huawei TE60 is an all-in-one high-definition video conferencing terminal device that supports intelligent voice calling and Wi-Fi wireless interconnection. ViewPoint 9030 is a multi-point control unit of a video conference system. The following products and versions are affected: Huawei TE60 V600R006C00; ViewPoint 9030 V100R011C02 and V100R011C03

Trust: 1.71

sources: NVD: CVE-2017-17290 // JVNDB: JVNDB-2017-012524 // VULHUB: VHN-108298

AFFECTED PRODUCTS

vendor:huaweimodel:te60scope:eqversion:v600r006c00

Trust: 2.4

vendor:huaweimodel:viewpoint 9030scope:eqversion:v100r011c02

Trust: 2.4

vendor:huaweimodel:viewpoint 9030scope:eqversion:v100r011c03

Trust: 2.4

sources: JVNDB: JVNDB-2017-012524 // CNNVD: CNNVD-201712-681 // NVD: CVE-2017-17290

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17290
value: HIGH

Trust: 1.0

NVD: CVE-2017-17290
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201712-681
value: HIGH

Trust: 0.6

VULHUB: VHN-108298
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17290
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-108298
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17290
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-108298 // JVNDB: JVNDB-2017-012524 // CNNVD: CNNVD-201712-681 // NVD: CVE-2017-17290

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-108298 // JVNDB: JVNDB-2017-012524 // NVD: CVE-2017-17290

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-681

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201712-681

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012524

PATCH
title:huawei-sa-20171213-01-ldapurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-01-ldap-en
Trust: 0.8
title:Huawei TE60  and ViewPoint 9030 Light Directory Access Protocol Fixes for client resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77219
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-012524 // 
            
            
            
            CNNVD: CNNVD-201712-681

EXTERNAL IDS
db:NVDid:CVE-2017-17290
Trust: 2.5
db:JVNDBid:JVNDB-2017-012524
Trust: 0.8
db:CNNVDid:CNNVD-201712-681
Trust: 0.7
db:VULHUBid:VHN-108298
Trust: 0.1
sources:
            
            
            VULHUB: VHN-108298 // 
            
            
            
            JVNDB: JVNDB-2017-012524 // 
            
            
            
            CNNVD: CNNVD-201712-681 // 
            
            
            
            NVD: CVE-2017-17290

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-01-ldap-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17290
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17290
Trust: 0.8
sources:
            
            
            VULHUB: VHN-108298 // 
            
            
            
            JVNDB: JVNDB-2017-012524 // 
            
            
            
            CNNVD: CNNVD-201712-681 // 
            
            
            
            NVD: CVE-2017-17290

CREDITS
Huawei internal tester
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201712-681

SOURCES
db:VULHUBid:VHN-108298
db:JVNDBid:JVNDB-2017-012524
db:CNNVDid:CNNVD-201712-681
db:NVDid:CVE-2017-17290

LAST UPDATE DATE
2024-11-23T22:52:13.032000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-108298date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-012524date:2018-03-19T00:00:00
db:CNNVDid:CNNVD-201712-681date:2019-10-23T00:00:00
db:NVDid:CVE-2017-17290date:2024-11-21T03:17:45.730

SOURCES RELEASE DATE
db:VULHUBid:VHN-108298date:2018-02-15T00:00:00
db:JVNDBid:JVNDB-2017-012524date:2018-03-19T00:00:00
db:CNNVDid:CNNVD-201712-681date:2017-12-20T00:00:00
db:NVDid:CVE-2017-17290date:2018-02-15T16:29:03.063