Details of VAR-201802-0435

ID

VAR-201802-0435

CVE

CVE-2017-17186

TITLE

plural Huawei Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-012467

DESCRIPTION

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a DoS vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could make some data overwritten, leak device memory and potentially reset a process. plural Huawei The product contains an input validation vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Huawei DP300 and other products are all products of China Huawei. The DP300 is a video conferencing terminal. The RP200 is a video conferencing machine. A denial of service vulnerability exists in several Huawei products due to insufficient implementation of input validation by the program. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, Version V600R006C00

Trust: 2.25

sources: NVD: CVE-2017-17186 // JVNDB: JVNDB-2017-012467 // CNVD: CNVD-2018-05079 // VULHUB: VHN-108183

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-05079

AFFECTED PRODUCTS

vendor:	huawei	model:	te30	scope:	eq	version:	v100r001c10	Trust: 2.4
vendor:	huawei	model:	te30	scope:	eq	version:	v500r002c00	Trust: 2.4
vendor:	huawei	model:	te30	scope:	eq	version:	v600r006c00	Trust: 2.4
vendor:	huawei	model:	te40	scope:	eq	version:	v500r002c00	Trust: 2.4
vendor:	huawei	model:	te40	scope:	eq	version:	v600r006c00	Trust: 2.4
vendor:	huawei	model:	te50	scope:	eq	version:	v500r002c00	Trust: 2.4
vendor:	huawei	model:	te50	scope:	eq	version:	v600r006c00	Trust: 2.4
vendor:	huawei	model:	te60	scope:	eq	version:	v100r001c10	Trust: 2.4
vendor:	huawei	model:	te60	scope:	eq	version:	v500r002c00	Trust: 2.4
vendor:	huawei	model:	te60	scope:	eq	version:	v600r006c00	Trust: 2.4
vendor:	huawei	model:	dp300	scope:	eq	version:	v500r002c00	Trust: 1.8
vendor:	huawei	model:	rp200	scope:	eq	version:	v500r002c00	Trust: 1.8
vendor:	huawei	model:	rp200	scope:	eq	version:	v600r006c00	Trust: 1.8
vendor:	huawei	model:	dp300 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	rp200 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	rp200 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v600r006c00	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-05079 // JVNDB: JVNDB-2017-012467 // CNNVD: CNNVD-201712-919 // NVD: CVE-2017-17186

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-17186
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-17186
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-05079
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201712-919
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-108183
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-17186
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-05079
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-108183
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-17186
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	2.5
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-05079 // VULHUB: VHN-108183 // JVNDB: JVNDB-2017-012467 // CNNVD: CNNVD-201712-919 // NVD: CVE-2017-17186

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-108183 // JVNDB: JVNDB-2017-012467 // NVD: CVE-2017-17186

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-919

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201712-919

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012467

PATCH

title:	huawei-sa-20180207-01-soap	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-soap-en	Trust: 0.8
title:	Patches for various Huawei Product Denial of Service Vulnerabilities (CNVD-2018-05079)	url:	https://www.cnvd.org.cn/patchInfo/show/121239	Trust: 0.6

sources: CNVD: CNVD-2018-05079 // JVNDB: JVNDB-2017-012467

EXTERNAL IDS

db:	NVD	id:	CVE-2017-17186	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-012467	Trust: 0.8
db:	CNNVD	id:	CNNVD-201712-919	Trust: 0.7
db:	CNVD	id:	CNVD-2018-05079	Trust: 0.6
db:	VULHUB	id:	VHN-108183	Trust: 0.1

sources: CNVD: CNVD-2018-05079 // VULHUB: VHN-108183 // JVNDB: JVNDB-2017-012467 // CNNVD: CNNVD-201712-919 // NVD: CVE-2017-17186

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-soap-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17186	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17186	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180207-01-soap-cn	Trust: 0.6

sources: CNVD: CNVD-2018-05079 // VULHUB: VHN-108183 // JVNDB: JVNDB-2017-012467 // CNNVD: CNNVD-201712-919 // NVD: CVE-2017-17186

SOURCES

db:	CNVD	id:	CNVD-2018-05079
db:	VULHUB	id:	VHN-108183
db:	JVNDB	id:	JVNDB-2017-012467
db:	CNNVD	id:	CNNVD-201712-919
db:	NVD	id:	CVE-2017-17186

LAST UPDATE DATE

2024-11-23T22:41:58.730000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-05079	date:	2018-03-13T00:00:00
db:	VULHUB	id:	VHN-108183	date:	2018-02-26T00:00:00
db:	JVNDB	id:	JVNDB-2017-012467	date:	2018-03-09T00:00:00
db:	CNNVD	id:	CNNVD-201712-919	date:	2018-02-22T00:00:00
db:	NVD	id:	CVE-2017-17186	date:	2024-11-21T03:17:39.720

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-05079	date:	2018-03-13T00:00:00
db:	VULHUB	id:	VHN-108183	date:	2018-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-012467	date:	2018-03-09T00:00:00
db:	CNNVD	id:	CNNVD-201712-919	date:	2017-12-26T00:00:00
db:	NVD	id:	CVE-2017-17186	date:	2018-02-15T16:29:02.533