Details of VAR-201802-0262

ID

VAR-201802-0262

CVE

CVE-2017-17283

TITLE

plural Huawei Resource management vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-012469

DESCRIPTION

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00 have an out-of-bound read vulnerability. A remote attacker send specially crafted Session Initiation Protocol (SIP) messages to the affected products. Due to insufficient input validation, successful exploit will cause some services abnormal. plural Huawei The product contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300 and other products are all products of China Huawei. The DP300 is a video conferencing terminal. The RP200 is a video conferencing machine. SIP (SessionInitiationProtocol) is one of the session initiation protocol modules. The SIP (SessionInitiationProtocol) module in several Huawei products has a border-bound read vulnerability, which is caused by the program not fully verifying the value in the message. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C01 Version, V100R001C10 Version, V500R002C00 version, V600R006C00 version

Trust: 2.25

sources: NVD: CVE-2017-17283 // JVNDB: JVNDB-2017-012469 // CNVD: CNVD-2018-05434 // VULHUB: VHN-108290

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-05434

AFFECTED PRODUCTS

vendor:	huawei	model:	rp200	scope:	eq	version:	v600r006c00	Trust: 2.4
vendor:	huawei	model:	te30	scope:	eq	version:	v100r001c10	Trust: 2.4
vendor:	huawei	model:	te30	scope:	eq	version:	v500r002c00	Trust: 2.4
vendor:	huawei	model:	te40	scope:	eq	version:	v600r006c00	Trust: 2.4
vendor:	huawei	model:	te50	scope:	eq	version:	v500r002c00	Trust: 2.4
vendor:	huawei	model:	te50	scope:	eq	version:	v600r006c00	Trust: 2.4
vendor:	huawei	model:	te60	scope:	eq	version:	v100r001c01	Trust: 2.4
vendor:	huawei	model:	te60	scope:	eq	version:	v100r001c10	Trust: 2.4
vendor:	huawei	model:	te60	scope:	eq	version:	v500r002c00	Trust: 2.4
vendor:	huawei	model:	te60	scope:	eq	version:	v600r006c00	Trust: 2.4
vendor:	huawei	model:	dp300	scope:	eq	version:	v500r002c00	Trust: 1.8
vendor:	huawei	model:	rp200	scope:	eq	version:	v500r002c00	Trust: 1.8
vendor:	huawei	model:	te30	scope:	eq	version:	v600r006c00	Trust: 1.8
vendor:	huawei	model:	te40	scope:	eq	version:	v500r002c00	Trust: 1.8
vendor:	huawei	model:	dp300 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v100r001c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	rp200 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	rp200 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v600r006c00	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-05434 // JVNDB: JVNDB-2017-012469 // CNNVD: CNNVD-201802-235 // NVD: CVE-2017-17283

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-17283
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-17283
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-05434
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201802-235
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-108290
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-17283
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-05434
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-108290
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-17283
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-05434 // VULHUB: VHN-108290 // JVNDB: JVNDB-2017-012469 // CNNVD: CNNVD-201802-235 // NVD: CVE-2017-17283

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.1
problemtype:	CWE-20	Trust: 1.1
problemtype:	CWE-399	Trust: 0.9

sources: VULHUB: VHN-108290 // JVNDB: JVNDB-2017-012469 // NVD: CVE-2017-17283

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-235

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201802-235

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012469

PATCH

title:	huawei-sa-20180207-02-sip	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-02-sip-en	Trust: 0.8
title:	Patch of various Huawei products beyond the boundary read vulnerability (CNVD-2018-05434)	url:	https://www.cnvd.org.cn/patchInfo/show/121691	Trust: 0.6
title:	Multiple Huawei Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78351	Trust: 0.6

sources: CNVD: CNVD-2018-05434 // JVNDB: JVNDB-2017-012469 // CNNVD: CNNVD-201802-235

EXTERNAL IDS

db:	NVD	id:	CVE-2017-17283	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-012469	Trust: 0.8
db:	CNNVD	id:	CNNVD-201802-235	Trust: 0.7
db:	CNVD	id:	CNVD-2018-05434	Trust: 0.6
db:	VULHUB	id:	VHN-108290	Trust: 0.1

sources: CNVD: CNVD-2018-05434 // VULHUB: VHN-108290 // JVNDB: JVNDB-2017-012469 // CNNVD: CNNVD-201802-235 // NVD: CVE-2017-17283

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-02-sip-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17283	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17283	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180207-02-sip-cn	Trust: 0.6

sources: CNVD: CNVD-2018-05434 // VULHUB: VHN-108290 // JVNDB: JVNDB-2017-012469 // CNNVD: CNNVD-201802-235 // NVD: CVE-2017-17283

SOURCES

db:	CNVD	id:	CNVD-2018-05434
db:	VULHUB	id:	VHN-108290
db:	JVNDB	id:	JVNDB-2017-012469
db:	CNNVD	id:	CNNVD-201802-235
db:	NVD	id:	CVE-2017-17283

LAST UPDATE DATE

2024-11-23T22:17:39.627000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-05434	date:	2018-03-16T00:00:00
db:	VULHUB	id:	VHN-108290	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-012469	date:	2018-03-09T00:00:00
db:	CNNVD	id:	CNNVD-201802-235	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-17283	date:	2024-11-21T03:17:44.823

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-05434	date:	2018-03-16T00:00:00
db:	VULHUB	id:	VHN-108290	date:	2018-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-012469	date:	2018-03-09T00:00:00
db:	CNNVD	id:	CNNVD-201802-235	date:	2018-02-07T00:00:00
db:	NVD	id:	CVE-2017-17283	date:	2018-02-15T16:29:02.703