Sign-up

ID

VAR-201802-0431


CVE

CVE-2017-17182


TITLE

plural Huawei Product out-of-bounds vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012421

DESCRIPTION

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a out-of-bounds read vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could make the device access invalid memory and might reset a process. plural Huawei The product contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300 and other products are all products of China Huawei. The DP300 is a video conferencing terminal. The RP200 is a video conferencing machine. A buffer overflow vulnerability exists in several Huawei products due to insufficient implementation of input validation by the program. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, Version V600R006C00

Trust: 2.34

sources: NVD: CVE-2017-17182 // JVNDB: JVNDB-2017-012421 // CNVD: CNVD-2018-05081 // VULHUB: VHN-108179 // VULMON: CVE-2017-17182

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-05081

AFFECTED PRODUCTS

vendor:huaweimodel:te40scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te50scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v100r001c10

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v100r001c10

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te40scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te50scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:rp200scope:eqversion:v600r006c00

Trust: 1.0

vendor:huaweimodel:rp200scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:dp300scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:dp300scope: - version: -

Trust: 0.8

vendor:huaweimodel:rp200scope: - version: -

Trust: 0.8

vendor:huaweimodel:te30scope: - version: -

Trust: 0.8

vendor:huaweimodel:te40scope: - version: -

Trust: 0.8

vendor:huaweimodel:te50scope: - version: -

Trust: 0.8

vendor:huaweimodel:te60scope: - version: -

Trust: 0.8

vendor:huaweimodel:dp300 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v600r006c00scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-05081 // JVNDB: JVNDB-2017-012421 // CNNVD: CNNVD-201712-923 // NVD: CVE-2017-17182

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17182
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17182
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-05081
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201712-923
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108179
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-17182
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17182
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-05081
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108179
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17182
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-05081 // VULHUB: VHN-108179 // VULMON: CVE-2017-17182 // JVNDB: JVNDB-2017-012421 // CNNVD: CNNVD-201712-923 // NVD: CVE-2017-17182

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.9

sources: VULHUB: VHN-108179 // JVNDB: JVNDB-2017-012421 // NVD: CVE-2017-17182

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-923

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201712-923

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012421

PATCH
title:huawei-sa-20180207-01-soapurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-soap-en
Trust: 0.8
title:Patch for multiple Huawei product buffer overflow vulnerabilities (CNVD-2018-05081)url:https://www.cnvd.org.cn/patchInfo/show/121219
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-05081 // 
            
            
            
            JVNDB: JVNDB-2017-012421

EXTERNAL IDS
db:NVDid:CVE-2017-17182
Trust: 3.2
db:JVNDBid:JVNDB-2017-012421
Trust: 0.8
db:CNNVDid:CNNVD-201712-923
Trust: 0.7
db:CNVDid:CNVD-2018-05081
Trust: 0.6
db:VULHUBid:VHN-108179
Trust: 0.1
db:VULMONid:CVE-2017-17182
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-05081 // 
            
            
            
            VULHUB: VHN-108179 // 
            
            
            
            VULMON: CVE-2017-17182 // 
            
            
            
            JVNDB: JVNDB-2017-012421 // 
            
            
            
            CNNVD: CNNVD-201712-923 // 
            
            
            
            NVD: CVE-2017-17182

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-soap-en
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17182
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17182
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180207-01-soap-cn
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/125.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-05081 // 
            
            
            
            VULHUB: VHN-108179 // 
            
            
            
            VULMON: CVE-2017-17182 // 
            
            
            
            JVNDB: JVNDB-2017-012421 // 
            
            
            
            CNNVD: CNNVD-201712-923 // 
            
            
            
            NVD: CVE-2017-17182

SOURCES
db:CNVDid:CNVD-2018-05081
db:VULHUBid:VHN-108179
db:VULMONid:CVE-2017-17182
db:JVNDBid:JVNDB-2017-012421
db:CNNVDid:CNNVD-201712-923
db:NVDid:CVE-2017-17182

LAST UPDATE DATE
2024-11-23T21:39:42.105000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-05081date:2018-03-13T00:00:00
db:VULHUBid:VHN-108179date:2018-02-23T00:00:00
db:VULMONid:CVE-2017-17182date:2018-02-23T00:00:00
db:JVNDBid:JVNDB-2017-012421date:2018-03-09T00:00:00
db:CNNVDid:CNNVD-201712-923date:2018-02-22T00:00:00
db:NVDid:CVE-2017-17182date:2024-11-21T03:17:39.263

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-05081date:2018-03-13T00:00:00
db:VULHUBid:VHN-108179date:2018-02-15T00:00:00
db:VULMONid:CVE-2017-17182date:2018-02-15T00:00:00
db:JVNDBid:JVNDB-2017-012421date:2018-03-09T00:00:00
db:CNNVDid:CNNVD-201712-923date:2017-12-26T00:00:00
db:NVDid:CVE-2017-17182date:2018-02-15T16:29:02.347