Sign-up

ID

VAR-201802-0433


CVE

CVE-2017-17184


TITLE

plural Huawei Product integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012465

DESCRIPTION

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could cause an integer overflow and might reset a process. plural Huawei The product contains an integer overflow vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300 and other products are all products of China Huawei. The DP300 is a video conferencing terminal. The RP200 is a video conferencing machine. An integer overflow vulnerability exists in several Huawei products due to insufficient implementation of input validation by the program. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, Version V600R006C00

Trust: 2.34

sources: NVD: CVE-2017-17184 // JVNDB: JVNDB-2017-012465 // CNVD: CNVD-2018-05077 // VULHUB: VHN-108181 // VULMON: CVE-2017-17184

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-05077

AFFECTED PRODUCTS

vendor:huaweimodel:rp200scope:eqversion:v600r006c00

Trust: 2.4

vendor:huaweimodel:te30scope:eqversion:v100r001c10

Trust: 2.4

vendor:huaweimodel:te30scope:eqversion:v600r006c00

Trust: 2.4

vendor:huaweimodel:te40scope:eqversion:v500r002c00

Trust: 2.4

vendor:huaweimodel:te40scope:eqversion:v600r006c00

Trust: 2.4

vendor:huaweimodel:te50scope:eqversion:v500r002c00

Trust: 2.4

vendor:huaweimodel:te50scope:eqversion:v600r006c00

Trust: 2.4

vendor:huaweimodel:te60scope:eqversion:v100r001c10

Trust: 2.4

vendor:huaweimodel:te60scope:eqversion:v500r002c00

Trust: 2.4

vendor:huaweimodel:te60scope:eqversion:v600r006c00

Trust: 2.4

vendor:huaweimodel:dp300scope:eqversion:v500r002c00

Trust: 1.8

vendor:huaweimodel:rp200scope:eqversion:v500r002c00

Trust: 1.8

vendor:huaweimodel:te30scope:eqversion:v500r002c00

Trust: 1.8

vendor:huaweimodel:dp300 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v600r006c00scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-05077 // JVNDB: JVNDB-2017-012465 // CNNVD: CNNVD-201712-921 // NVD: CVE-2017-17184

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17184
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17184
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-05077
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201712-921
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108181
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-17184
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17184
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-05077
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108181
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17184
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-05077 // VULHUB: VHN-108181 // VULMON: CVE-2017-17184 // JVNDB: JVNDB-2017-012465 // CNNVD: CNNVD-201712-921 // NVD: CVE-2017-17184

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.9

sources: VULHUB: VHN-108181 // JVNDB: JVNDB-2017-012465 // NVD: CVE-2017-17184

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-921

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201712-921

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012465

PATCH
title:huawei-sa-20180207-01-soapurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-soap-en
Trust: 0.8
title:Patch for integer overflow vulnerability (CNVD-2018-05077) in several Huawei productsurl:https://www.cnvd.org.cn/patchInfo/show/121233
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-05077 // 
            
            
            
            JVNDB: JVNDB-2017-012465

EXTERNAL IDS
db:NVDid:CVE-2017-17184
Trust: 3.2
db:JVNDBid:JVNDB-2017-012465
Trust: 0.8
db:CNNVDid:CNNVD-201712-921
Trust: 0.7
db:CNVDid:CNVD-2018-05077
Trust: 0.6
db:VULHUBid:VHN-108181
Trust: 0.1
db:VULMONid:CVE-2017-17184
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-05077 // 
            
            
            
            VULHUB: VHN-108181 // 
            
            
            
            VULMON: CVE-2017-17184 // 
            
            
            
            JVNDB: JVNDB-2017-012465 // 
            
            
            
            CNNVD: CNNVD-201712-921 // 
            
            
            
            NVD: CVE-2017-17184

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-soap-en
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17184
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17184
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180207-01-soap-cn
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/190.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-05077 // 
            
            
            
            VULHUB: VHN-108181 // 
            
            
            
            VULMON: CVE-2017-17184 // 
            
            
            
            JVNDB: JVNDB-2017-012465 // 
            
            
            
            CNNVD: CNNVD-201712-921 // 
            
            
            
            NVD: CVE-2017-17184

SOURCES
db:CNVDid:CNVD-2018-05077
db:VULHUBid:VHN-108181
db:VULMONid:CVE-2017-17184
db:JVNDBid:JVNDB-2017-012465
db:CNNVDid:CNNVD-201712-921
db:NVDid:CVE-2017-17184

LAST UPDATE DATE
2024-11-23T23:12:15.269000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-05077date:2018-03-13T00:00:00
db:VULHUBid:VHN-108181date:2018-02-26T00:00:00
db:VULMONid:CVE-2017-17184date:2018-02-26T00:00:00
db:JVNDBid:JVNDB-2017-012465date:2018-03-09T00:00:00
db:CNNVDid:CNNVD-201712-921date:2018-02-22T00:00:00
db:NVDid:CVE-2017-17184date:2024-11-21T03:17:39.490

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-05077date:2018-03-13T00:00:00
db:VULHUBid:VHN-108181date:2018-02-15T00:00:00
db:VULMONid:CVE-2017-17184date:2018-02-15T00:00:00
db:JVNDBid:JVNDB-2017-012465date:2018-03-09T00:00:00
db:CNNVDid:CNNVD-201712-921date:2017-12-26T00:00:00
db:NVDid:CVE-2017-17184date:2018-02-15T16:29:02.440