Sign-up

ID

VAR-201802-0263


CVE

CVE-2017-17284


TITLE

plural Huawei Resource management vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-012470

DESCRIPTION

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00 have a resource management error vulnerability. A remote attacker may send huge number of specially crafted SIP messages to the affected products. Due to improper handling of some value in the messages, successful exploit will cause some services abnormal. plural Huawei The product contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300 and other products are all products of China Huawei. The DP300 is a video conferencing terminal. The RP200 is a video conferencing machine. SIP (SessionInitiationProtocol) is one of the session initiation protocol modules. The vulnerability stems from the failure of the program to correctly process the value in the message. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C01 Version, V100R001C10 Version, V500R002C00 version, V600R006C00 version

Trust: 2.25

sources: NVD: CVE-2017-17284 // JVNDB: JVNDB-2017-012470 // CNVD: CNVD-2018-05435 // VULHUB: VHN-108291

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-05435

AFFECTED PRODUCTS

vendor:huaweimodel:rp200scope:eqversion:v500r002c00

Trust: 2.4

vendor:huaweimodel:rp200scope:eqversion:v600r006c00

Trust: 2.4

vendor:huaweimodel:te30scope:eqversion:v100r001c10

Trust: 2.4

vendor:huaweimodel:te40scope:eqversion:v600r006c00

Trust: 2.4

vendor:huaweimodel:te50scope:eqversion:v500r002c00

Trust: 2.4

vendor:huaweimodel:te50scope:eqversion:v600r006c00

Trust: 2.4

vendor:huaweimodel:te60scope:eqversion:v100r001c01

Trust: 2.4

vendor:huaweimodel:te60scope:eqversion:v100r001c10

Trust: 2.4

vendor:huaweimodel:te60scope:eqversion:v500r002c00

Trust: 2.4

vendor:huaweimodel:te60scope:eqversion:v600r006c00

Trust: 2.4

vendor:huaweimodel:dp300scope:eqversion:v500r002c00

Trust: 1.8

vendor:huaweimodel:te30scope:eqversion:v500r002c00

Trust: 1.8

vendor:huaweimodel:te30scope:eqversion:v600r006c00

Trust: 1.8

vendor:huaweimodel:te40scope:eqversion:v500r002c00

Trust: 1.8

vendor:huaweimodel:dp300 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r001c01scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v600r006c00scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-05435 // JVNDB: JVNDB-2017-012470 // CNNVD: CNNVD-201802-236 // NVD: CVE-2017-17284

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17284
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17284
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-05435
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201802-236
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108291
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17284
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-05435
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108291
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17284
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-05435 // VULHUB: VHN-108291 // JVNDB: JVNDB-2017-012470 // CNNVD: CNNVD-201802-236 // NVD: CVE-2017-17284

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-108291 // JVNDB: JVNDB-2017-012470 // NVD: CVE-2017-17284

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-236

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201802-236

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012470

PATCH
title:huawei-sa-20180207-02-sipurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-02-sip-en
Trust: 0.8
title:Patch for multiple Huawei Product Denial of Service Vulnerabilities (CNVD-2018-05435)url:https://www.cnvd.org.cn/patchInfo/show/121687
Trust: 0.6
title:Multiple Huawei Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78352
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-05435 // 
            
            
            
            JVNDB: JVNDB-2017-012470 // 
            
            
            
            CNNVD: CNNVD-201802-236

EXTERNAL IDS
db:NVDid:CVE-2017-17284
Trust: 3.1
db:JVNDBid:JVNDB-2017-012470
Trust: 0.8
db:CNNVDid:CNNVD-201802-236
Trust: 0.7
db:CNVDid:CNVD-2018-05435
Trust: 0.6
db:VULHUBid:VHN-108291
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-05435 // 
            
            
            
            VULHUB: VHN-108291 // 
            
            
            
            JVNDB: JVNDB-2017-012470 // 
            
            
            
            CNNVD: CNNVD-201802-236 // 
            
            
            
            NVD: CVE-2017-17284

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-02-sip-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17284
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17284
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180207-02-sip-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-05435 // 
            
            
            
            VULHUB: VHN-108291 // 
            
            
            
            JVNDB: JVNDB-2017-012470 // 
            
            
            
            CNNVD: CNNVD-201802-236 // 
            
            
            
            NVD: CVE-2017-17284

SOURCES
db:CNVDid:CNVD-2018-05435
db:VULHUBid:VHN-108291
db:JVNDBid:JVNDB-2017-012470
db:CNNVDid:CNNVD-201802-236
db:NVDid:CVE-2017-17284

LAST UPDATE DATE
2024-11-23T21:39:47.719000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-05435date:2018-03-16T00:00:00
db:VULHUBid:VHN-108291date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-012470date:2018-03-09T00:00:00
db:CNNVDid:CNNVD-201802-236date:2019-10-23T00:00:00
db:NVDid:CVE-2017-17284date:2024-11-21T03:17:44.987

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-05435date:2018-03-16T00:00:00
db:VULHUBid:VHN-108291date:2018-02-15T00:00:00
db:JVNDBid:JVNDB-2017-012470date:2018-03-09T00:00:00
db:CNNVDid:CNNVD-201802-236date:2018-02-07T00:00:00
db:NVDid:CVE-2017-17284date:2018-02-15T16:29:02.767