Sign-up

ID

VAR-201802-0296


CVE

CVE-2017-17300


TITLE

plural Huawei Numerical processing vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-012509

DESCRIPTION

Huawei S12700 V200R008C00, V200R009C00, S5700 V200R007C00, V200R008C00, V200R009C00, S6700 V200R008C00, V200R009C00, S7700 V200R008C00, V200R009C00, S9700 V200R008C00, V200R009C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send specific TCP messages with keychain authentication option to the affected products. Due to the improper validation of the messages, it will cause numeric errors when handling the messages. Successful exploit will cause the affected products to reset. plural Huawei The product contains a numerical processing vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiS12700 is an intelligent routing switch of China Huawei. A numerical calculation error vulnerability exists in several Huawei router products. The vulnerability stems from a program that fails to adequately verify the message. There are security vulnerabilities in several Huawei products. The following products and versions are affected: Huawei S12700 V200R008C00 Version, V200R009C00 Version; S5700 V200R007C00 Version, V200R008C00 Version, V200R009C00 Version; S6700 V200R008C00 Version, V200R009C00 Version; S7700 V200R008C00 Version, V200R009C00 Version; S9700 V200R008C00 Version, V200R009C00 Version

Trust: 2.25

sources: NVD: CVE-2017-17300 // JVNDB: JVNDB-2017-012509 // CNVD: CNVD-2017-37844 // VULHUB: VHN-108309

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-37844

AFFECTED PRODUCTS

vendor:huaweimodel:s7700scope:eqversion:v200r008c00

Trust: 1.6

vendor:huaweimodel:s12700scope:eqversion:v200r009c00

Trust: 1.6

vendor:huaweimodel:s6700scope:eqversion:v200r009c00

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r009c00

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r008c00

Trust: 1.6

vendor:huaweimodel:s6700scope:eqversion:v200r008c00

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r007c00

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r008c00

Trust: 1.6

vendor:huaweimodel:s7700scope:eqversion:v200r009c00

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r009c00

Trust: 1.6

vendor:huaweimodel:s12700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s12700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s5700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s6700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s7700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s9700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s7700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r009c00scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-37844 // JVNDB: JVNDB-2017-012509 // CNNVD: CNNVD-201712-669 // NVD: CVE-2017-17300

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17300
value: HIGH

Trust: 1.0

NVD: CVE-2017-17300
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-37844
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201712-669
value: HIGH

Trust: 0.6

VULHUB: VHN-108309
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-17300
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-37844
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108309
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17300
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-37844 // VULHUB: VHN-108309 // JVNDB: JVNDB-2017-012509 // CNNVD: CNNVD-201712-669 // NVD: CVE-2017-17300

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-189

Trust: 0.9

sources: VULHUB: VHN-108309 // JVNDB: JVNDB-2017-012509 // NVD: CVE-2017-17300

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-669

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201712-669

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012509

PATCH
title:huawei-sa-20171215-01-routerurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-router-en
Trust: 0.8
title:Patches for various Huawei router product numerical calculation error vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/111425
Trust: 0.6
title:Multiple Huawei Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77207
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-37844 // 
            
            
            
            JVNDB: JVNDB-2017-012509 // 
            
            
            
            CNNVD: CNNVD-201712-669

EXTERNAL IDS
db:NVDid:CVE-2017-17300
Trust: 3.1
db:JVNDBid:JVNDB-2017-012509
Trust: 0.8
db:CNNVDid:CNNVD-201712-669
Trust: 0.7
db:CNVDid:CNVD-2017-37844
Trust: 0.6
db:VULHUBid:VHN-108309
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-37844 // 
            
            
            
            VULHUB: VHN-108309 // 
            
            
            
            JVNDB: JVNDB-2017-012509 // 
            
            
            
            CNNVD: CNNVD-201712-669 // 
            
            
            
            NVD: CVE-2017-17300

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-router-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17300
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17300
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171215-01-router-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-37844 // 
            
            
            
            VULHUB: VHN-108309 // 
            
            
            
            JVNDB: JVNDB-2017-012509 // 
            
            
            
            CNNVD: CNNVD-201712-669 // 
            
            
            
            NVD: CVE-2017-17300

CREDITS
Huawei internal tester
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201712-669

SOURCES
db:CNVDid:CNVD-2017-37844
db:VULHUBid:VHN-108309
db:JVNDBid:JVNDB-2017-012509
db:CNNVDid:CNNVD-201712-669
db:NVDid:CVE-2017-17300

LAST UPDATE DATE
2024-11-23T22:59:06.855000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-37844date:2017-12-22T00:00:00
db:VULHUBid:VHN-108309date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-012509date:2018-03-16T00:00:00
db:CNNVDid:CNNVD-201712-669date:2019-10-23T00:00:00
db:NVDid:CVE-2017-17300date:2024-11-21T03:17:47.220

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-37844date:2017-12-22T00:00:00
db:VULHUBid:VHN-108309date:2018-02-15T00:00:00
db:JVNDBid:JVNDB-2017-012509date:2018-03-16T00:00:00
db:CNNVDid:CNNVD-201712-669date:2017-12-21T00:00:00
db:NVDid:CVE-2017-17300date:2018-02-15T16:29:03.563