Sign-up

ID

VAR-201802-0432


CVE

CVE-2017-17183


TITLE

plural Huawei Product integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012464

DESCRIPTION

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could cause an integer overflow and might reset a process. plural Huawei The product contains an integer overflow vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300 and other products are all products of China Huawei. The DP300 is a video conferencing terminal. The RP200 is a video conferencing machine. An integer overflow vulnerability exists in several Huawei products due to insufficient implementation of input validation by the program. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, Version V600R006C00

Trust: 2.34

sources: NVD: CVE-2017-17183 // JVNDB: JVNDB-2017-012464 // CNVD: CNVD-2018-05078 // VULHUB: VHN-108180 // VULMON: CVE-2017-17183

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-05078

AFFECTED PRODUCTS

vendor:huaweimodel:te30scope:eqversion:v100r001c10

Trust: 2.4

vendor:huaweimodel:te30scope:eqversion:v500r002c00

Trust: 2.4

vendor:huaweimodel:te30scope:eqversion:v600r006c00

Trust: 2.4

vendor:huaweimodel:te40scope:eqversion:v500r002c00

Trust: 2.4

vendor:huaweimodel:te40scope:eqversion:v600r006c00

Trust: 2.4

vendor:huaweimodel:te50scope:eqversion:v500r002c00

Trust: 2.4

vendor:huaweimodel:te50scope:eqversion:v600r006c00

Trust: 2.4

vendor:huaweimodel:te60scope:eqversion:v100r001c10

Trust: 2.4

vendor:huaweimodel:te60scope:eqversion:v500r002c00

Trust: 2.4

vendor:huaweimodel:te60scope:eqversion:v600r006c00

Trust: 2.4

vendor:huaweimodel:dp300scope:eqversion:v500r002c00

Trust: 1.8

vendor:huaweimodel:rp200scope:eqversion:v500r002c00

Trust: 1.8

vendor:huaweimodel:rp200scope:eqversion:v600r006c00

Trust: 1.8

vendor:huaweimodel:dp300 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v600r006c00scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-05078 // JVNDB: JVNDB-2017-012464 // CNNVD: CNNVD-201712-922 // NVD: CVE-2017-17183

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17183
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17183
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-05078
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201712-922
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108180
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-17183
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17183
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-05078
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108180
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17183
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-05078 // VULHUB: VHN-108180 // VULMON: CVE-2017-17183 // JVNDB: JVNDB-2017-012464 // CNNVD: CNNVD-201712-922 // NVD: CVE-2017-17183

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.9

sources: VULHUB: VHN-108180 // JVNDB: JVNDB-2017-012464 // NVD: CVE-2017-17183

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-922

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201712-922

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012464

PATCH
title:huawei-sa-20180207-01-soapurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-soap-en
Trust: 0.8
title:Patch for integer overflow vulnerability (CNVD-2018-05078) in several Huawei productsurl:https://www.cnvd.org.cn/patchInfo/show/121235
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-05078 // 
            
            
            
            JVNDB: JVNDB-2017-012464

EXTERNAL IDS
db:NVDid:CVE-2017-17183
Trust: 3.2
db:JVNDBid:JVNDB-2017-012464
Trust: 0.8
db:CNNVDid:CNNVD-201712-922
Trust: 0.7
db:CNVDid:CNVD-2018-05078
Trust: 0.6
db:VULHUBid:VHN-108180
Trust: 0.1
db:VULMONid:CVE-2017-17183
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-05078 // 
            
            
            
            VULHUB: VHN-108180 // 
            
            
            
            VULMON: CVE-2017-17183 // 
            
            
            
            JVNDB: JVNDB-2017-012464 // 
            
            
            
            CNNVD: CNNVD-201712-922 // 
            
            
            
            NVD: CVE-2017-17183

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-soap-en
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17183
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17183
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180207-01-soap-cn
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/190.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-05078 // 
            
            
            
            VULHUB: VHN-108180 // 
            
            
            
            VULMON: CVE-2017-17183 // 
            
            
            
            JVNDB: JVNDB-2017-012464 // 
            
            
            
            CNNVD: CNNVD-201712-922 // 
            
            
            
            NVD: CVE-2017-17183

SOURCES
db:CNVDid:CNVD-2018-05078
db:VULHUBid:VHN-108180
db:VULMONid:CVE-2017-17183
db:JVNDBid:JVNDB-2017-012464
db:CNNVDid:CNNVD-201712-922
db:NVDid:CVE-2017-17183

LAST UPDATE DATE
2024-11-23T23:08:47.089000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-05078date:2018-03-13T00:00:00
db:VULHUBid:VHN-108180date:2018-02-26T00:00:00
db:VULMONid:CVE-2017-17183date:2018-02-26T00:00:00
db:JVNDBid:JVNDB-2017-012464date:2018-03-09T00:00:00
db:CNNVDid:CNNVD-201712-922date:2018-02-22T00:00:00
db:NVDid:CVE-2017-17183date:2024-11-21T03:17:39.380

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-05078date:2018-03-13T00:00:00
db:VULHUBid:VHN-108180date:2018-02-15T00:00:00
db:VULMONid:CVE-2017-17183date:2018-02-15T00:00:00
db:JVNDBid:JVNDB-2017-012464date:2018-03-09T00:00:00
db:CNNVDid:CNNVD-201712-922date:2017-12-26T00:00:00
db:NVDid:CVE-2017-17183date:2018-02-15T16:29:02.393