Sign-up

ID

VAR-201802-0295


CVE

CVE-2017-17299


TITLE

plural Huawei Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-012620

DESCRIPTION

Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S V200R006C10, V200R007C00, AR160 V200R006C10, V200R006C12, V200R007C00S, V200R007C02, AR200 V200R006C10, V200R007C00, AR200-S V200R006C10, V200R007C00, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C02, AR2200-S V200R006C10, V200R007C00, V200R008C20, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C02, AR3600 V200R006C10, V200R007C00, AR510 V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, IPS Module V500R001C30, NIP6300 V500R001C30, NetEngine16EX V200R006C10, V200R007C00 have an insufficient input validation vulnerability. An unauthenticated, remote attacker may send crafted IKE V2 messages to the affected products. Due to the insufficient validation of the messages, successful exploit will cause invalid memory access and result in a denial of service on the affected products. plural Huawei The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei AR120-S is a router product of China Huawei. The following products and versions are affected: Huawei AR120-S V200R006C10 Version, V200R007C00 Version; AR1200 V200R006C10 Version, V200R006C13 Version, V200R007C00 Version, V200R007C02 Version; AR1200-S V200R006C10 Version, V200R007C00 Version, V200R008C20 Version; AR150 V200R006C10 Version, V200R007C00 Version, V200R007C02 Version; AR150-S V200R006C10, V200R007C00; AR160 V200R006C10, V200R006C12, V200R007C00S, V200R007C02; AR200 V200R006C10, V200R007C00; AR200

Trust: 2.25

sources: NVD: CVE-2017-17299 // JVNDB: JVNDB-2017-012620 // CNVD: CNVD-2017-37728 // VULHUB: VHN-108307

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-37728

AFFECTED PRODUCTS

vendor:huaweimodel:ips modulescope:eqversion:v500r001c30

Trust: 1.6

vendor:huaweimodel:ar510scope:eqversion:v200r006c15

Trust: 1.6

vendor:huaweimodel:nip6300scope:eqversion:v500r001c30

Trust: 1.6

vendor:huaweimodel:netengine16exscope:eqversion:v200r006c10

Trust: 1.6

vendor:huaweimodel:ar510scope:eqversion:v200r006c16

Trust: 1.6

vendor:huaweimodel:ar510scope:eqversion:v200r006c13

Trust: 1.6

vendor:huaweimodel:ar510scope:eqversion:v200r006c17

Trust: 1.6

vendor:huaweimodel:ar510scope:eqversion:v200r006c12

Trust: 1.6

vendor:huaweimodel:ar510scope:eqversion:v200r007c00

Trust: 1.6

vendor:huaweimodel:netengine16exscope:eqversion:v200r007c00

Trust: 1.6

vendor:huaweimodel:ar150-sscope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar1200-sscope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar2200-sscope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar1200scope:eqversion:v200r007c02

Trust: 1.0

vendor:huaweimodel:ar120-sscope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar200scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar3600scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar160scope:eqversion:v200r007c00s

Trust: 1.0

vendor:huaweimodel:ar2200scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar2200scope:eqversion:v200r006c16

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r006c11

Trust: 1.0

vendor:huaweimodel:ar1200scope:eqversion:v200r006c13

Trust: 1.0

vendor:huaweimodel:ar150scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar120-sscope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar160scope:eqversion:v200r006c12

Trust: 1.0

vendor:huaweimodel:ar200-sscope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar3600scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar160scope:eqversion:v200r007c02

Trust: 1.0

vendor:huaweimodel:ar2200scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar160scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar200-sscope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar150scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar2200scope:eqversion:v200r007c02

Trust: 1.0

vendor:huaweimodel:ar1200scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r007c02

Trust: 1.0

vendor:huaweimodel:ar150scope:eqversion:v200r007c02

Trust: 1.0

vendor:huaweimodel:ar150-sscope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar1200scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar1200-sscope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:ar1200-sscope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar2200-sscope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:ar2200-sscope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar2200scope:eqversion:v200r006c13

Trust: 1.0

vendor:huaweimodel:ar200scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar120-sscope: - version: -

Trust: 0.8

vendor:huaweimodel:ar1200scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar1200-sscope: - version: -

Trust: 0.8

vendor:huaweimodel:ar150scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar150-sscope: - version: -

Trust: 0.8

vendor:huaweimodel:ar160scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar200scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar200-sscope: - version: -

Trust: 0.8

vendor:huaweimodel:ar2200scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar2200-sscope: - version: -

Trust: 0.8

vendor:huaweimodel:ar3200scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar3600scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar510scope: - version: -

Trust: 0.8

vendor:huaweimodel:ips modulescope: - version: -

Trust: 0.8

vendor:huaweimodel:netengine16exscope: - version: -

Trust: 0.8

vendor:huaweimodel:nip6300scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar3200 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar3200 v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar120-s v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar120-s v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar1200 v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar1200 v200r006c13scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar1200 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar1200 v200r007c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar1200-s v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar1200-s v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar1200-s v200r008c20scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar150 v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar150 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar150 v200r007c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar150-s v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar150-s v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar160 v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar160 v200r006c12scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar160 v200r007c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar200 v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar200 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar200-s v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar200-s v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200 v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200 v200r006c13scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200 v200r007c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar3200 v200r006c11scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar3200 v200r007c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar510 v200r006c12scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar510 v200r006c13scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar510 v200r006c15scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar510 v200r006c16scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar510 v200r006c17scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar510 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:netengine16ex v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:netengine16ex v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200-s v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200-s v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200-s v200r008c20scope: - version: -

Trust: 0.6

vendor:huaweimodel:ips module v500r001c30scope: - version: -

Trust: 0.6

vendor:huaweimodel:ngfw module v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:nip6300 v500r001c30scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200 v200r006c16scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar3600 v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar3600 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar160 v200r007c00sscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-37728 // JVNDB: JVNDB-2017-012620 // CNNVD: CNNVD-201712-670 // NVD: CVE-2017-17299

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17299
value: HIGH

Trust: 1.0

NVD: CVE-2017-17299
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-37728
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201712-670
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108307
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17299
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-37728
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108307
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17299
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-37728 // VULHUB: VHN-108307 // JVNDB: JVNDB-2017-012620 // CNNVD: CNNVD-201712-670 // NVD: CVE-2017-17299

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-108307 // JVNDB: JVNDB-2017-012620 // NVD: CVE-2017-17299

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-670

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201712-670

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012620

PATCH
title:huawei-sa-20171215-01-ikeurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ike-en
Trust: 0.8
title:Patch for multiple Huawei product input verification vulnerabilities (CNVD-2017-37728)url:https://www.cnvd.org.cn/patchInfo/show/111271
Trust: 0.6
title:Multiple Huawei Fixes for product input validation vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77208
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-37728 // 
            
            
            
            JVNDB: JVNDB-2017-012620 // 
            
            
            
            CNNVD: CNNVD-201712-670

EXTERNAL IDS
db:NVDid:CVE-2017-17299
Trust: 3.1
db:JVNDBid:JVNDB-2017-012620
Trust: 0.8
db:CNNVDid:CNNVD-201712-670
Trust: 0.7
db:CNVDid:CNVD-2017-37728
Trust: 0.6
db:VULHUBid:VHN-108307
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-37728 // 
            
            
            
            VULHUB: VHN-108307 // 
            
            
            
            JVNDB: JVNDB-2017-012620 // 
            
            
            
            CNNVD: CNNVD-201712-670 // 
            
            
            
            NVD: CVE-2017-17299

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ike-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17299
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17299
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171215-01-ike-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-37728 // 
            
            
            
            VULHUB: VHN-108307 // 
            
            
            
            JVNDB: JVNDB-2017-012620 // 
            
            
            
            CNNVD: CNNVD-201712-670 // 
            
            
            
            NVD: CVE-2017-17299

CREDITS
Huawei internal tester
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201712-670

SOURCES
db:CNVDid:CNVD-2017-37728
db:VULHUBid:VHN-108307
db:JVNDBid:JVNDB-2017-012620
db:CNNVDid:CNNVD-201712-670
db:NVDid:CVE-2017-17299

LAST UPDATE DATE
2024-11-23T22:48:50.710000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-37728date:2017-12-21T00:00:00
db:VULHUBid:VHN-108307date:2018-03-09T00:00:00
db:JVNDBid:JVNDB-2017-012620date:2018-03-27T00:00:00
db:CNNVDid:CNNVD-201712-670date:2017-12-20T00:00:00
db:NVDid:CVE-2017-17299date:2024-11-21T03:17:47.083

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-37728date:2017-12-21T00:00:00
db:VULHUBid:VHN-108307date:2018-02-15T00:00:00
db:JVNDBid:JVNDB-2017-012620date:2018-03-27T00:00:00
db:CNNVDid:CNNVD-201712-670date:2017-12-20T00:00:00
db:NVDid:CVE-2017-17299date:2018-02-15T16:29:03.517