Sign-up

ID

VAR-201802-0440


CVE

CVE-2017-17160


TITLE

plural Huawei Out-of-bounds vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-012504

DESCRIPTION

Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S V200R006C10, V200R007C00, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C02, AR200 V200R006C10, V200R007C00, AR200-S V200R006C10, V200R007C00, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C02, AR2200-S V200R006C10, V200R007C00, V200R008C20, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C02, AR3600 V200R006C10, V200R007C00, AR510 V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, NetEngine16EX V200R006C10, V200R007C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, SRG2300 V200R006C10, V200R007C00, V200R007C02, SRG3300 V200R006C10, V200R007C00 have a buffer overflow vulnerability due to incomplete range checks of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious IKE packets to the targeted device. An exploit could allow the attacker to cause the device to write out of bound and restart. plural Huawei The product contains an out-of-bounds write vulnerability.Denial of service (DoS) May be in a state. Huawei AR and SRG series enterprise routers are Huawei's all-in-one routers for small and medium-sized offices or small and medium-sized enterprises. NetEngine16EX is a multi-service network product launched by Huawei. It is mainly used in backbone aggregation and access nodes in various industries. , large and medium-sized campus network exports, large and medium-sized enterprise headquarters or branches and other scenarios. Huawei AR120-S and others are all router products of China Huawei (Huawei). The following products and versions are affected: Huawei AR120-S V200R006C10 Version, V200R007C00 Version; AR1200 V200R006C10 Version, V200R006C13 Version, V200R007C00 Version, V200R007C02 Version; AR1200-S V200R006C10 Version, V200R007C00 Version, V200R008C20 Version; AR150 V200R006C10 Version, V200R007C00 Version, V200R007C02 Version; AR150-S V200R006C10 Version, V200R007C00 Version; AR160 V200R006C10 Version, V200R006C12 Version, V200R007C00 Version, V200R007C02 Version; AR200 V200R006C10 Version, V200R007C00 Version; AR200-S V200R006C10 Version, V200R007C00 Version; AR2200 V200R006C10 Version, V200R006C13 Version, V200R006C16PWE Version, V200R007C00 Version, V200R007C02 Version; AR2200-S V200R006C10 Version, V200R007C00 Version, V200R008C20 Version; AR3200 V200R006C10 Version, V200R006C11 Version, V200R007C00 Version, V200R007C02 Version; AR3600 V200R006C10 Version, V200R007C00 Version; AR510 V200R006C12 Version, V200R006C13 Version, V200R006C15 Version, V200R006C16 Version , V200R006C17 version, V200R007C00 version; NetEngine16EX

Trust: 2.25

sources: NVD: CVE-2017-17160 // JVNDB: JVNDB-2017-012504 // CNVD: CNVD-2017-37501 // VULHUB: VHN-108155

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-37501

AFFECTED PRODUCTS

vendor:huaweimodel:ar3600scope:eqversion:v200r007c00

Trust: 1.6

vendor:huaweimodel:ar3200scope:eqversion:v200r006c11

Trust: 1.6

vendor:huaweimodel:ar3600scope:eqversion:v200r006c10

Trust: 1.6

vendor:huaweimodel:ar2200-sscope:eqversion:v200r007c00

Trust: 1.6

vendor:huaweimodel:ar2200-sscope:eqversion:v200r008c20

Trust: 1.6

vendor:huaweimodel:ar3200scope:eqversion:v200r007c00

Trust: 1.6

vendor:huaweimodel:ar3200scope:eqversion:v200r007c02

Trust: 1.6

vendor:huaweimodel:ar510scope:eqversion:v200r006c12

Trust: 1.6

vendor:huaweimodel:ar2200-sscope:eqversion:v200r006c10

Trust: 1.6

vendor:huaweimodel:ar3200scope:eqversion:v200r006c10

Trust: 1.6

vendor:huaweimodel:ar150-sscope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar1200-sscope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:srg2300scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:srg1300scope:eqversion:v200r007c02

Trust: 1.0

vendor:huaweimodel:ar1200scope:eqversion:v200r007c02

Trust: 1.0

vendor:huaweimodel:ar120-sscope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar160scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar200scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:srg3300scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar2200scope:eqversion:v200r006c16pwe

Trust: 1.0

vendor:huaweimodel:ar2200scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:srg2300scope:eqversion:v200r007c02

Trust: 1.0

vendor:huaweimodel:ar1200scope:eqversion:v200r006c13

Trust: 1.0

vendor:huaweimodel:srg3300scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar150scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar120-sscope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar160scope:eqversion:v200r006c12

Trust: 1.0

vendor:huaweimodel:ar200-sscope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar160scope:eqversion:v200r007c02

Trust: 1.0

vendor:huaweimodel:ar510scope:eqversion:v200r006c13

Trust: 1.0

vendor:huaweimodel:ar2200scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar160scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar510scope:eqversion:v200r006c17

Trust: 1.0

vendor:huaweimodel:ar200-sscope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar150scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:srg1300scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar1200scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar510scope:eqversion:v200r006c16

Trust: 1.0

vendor:huaweimodel:netengine16exscope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar150scope:eqversion:v200r007c02

Trust: 1.0

vendor:huaweimodel:ar150-sscope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar1200scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:srg2300scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar1200-sscope:eqversion:v200r008c20

Trust: 1.0

vendor:huaweimodel:ar1200-sscope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar2200scope:eqversion:v200r006c13

Trust: 1.0

vendor:huaweimodel:ar510scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:netengine16exscope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:srg1300scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar200scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:ar510scope:eqversion:v200r006c15

Trust: 1.0

vendor:huaweimodel:ar120-sscope: - version: -

Trust: 0.8

vendor:huaweimodel:netengine16exscope: - version: -

Trust: 0.8

vendor:huaweimodel:srg1300scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar3200 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar3200 v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar120-s v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar120-s v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar1200 v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar1200 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar1200 v200r007c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar1200-s v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar1200-s v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar1200-s v200r008c20scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar150 v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar150 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar150 v200r007c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar150-s v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar150-s v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar160 v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar160 v200r006c12scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar160 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar160 v200r007c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar200 v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar200 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar200-s v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar200-s v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200 v200r006c16pwescope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200 v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200 v200r006c13scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200 v200r007c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar3200 v200r006c11scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar3200 v200r007c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar510 v200r006c12scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar510 v200r006c13scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar510 v200r006c15scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar510 v200r006c16scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar510 v200r006c17scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar510 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:netengine16ex v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:netengine16ex v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:srg1300 v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:srg1300 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:srg1300 v200r007c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:srg2300 v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:srg2300 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:srg2300 v200r007c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:srg3300 v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:srg3300 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:srg3300 v200r008c20scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200-s v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200-s v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200-s v200r008c20scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar3600 v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar3600 v200r007c00scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-37501 // JVNDB: JVNDB-2017-012504 // CNNVD: CNNVD-201712-313 // NVD: CVE-2017-17160

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17160
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17160
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-37501
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201712-313
value: HIGH

Trust: 0.6

VULHUB: VHN-108155
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-17160
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-37501
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108155
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17160
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-37501 // VULHUB: VHN-108155 // JVNDB: JVNDB-2017-012504 // CNNVD: CNNVD-201712-313 // NVD: CVE-2017-17160

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.9

sources: VULHUB: VHN-108155 // JVNDB: JVNDB-2017-012504 // NVD: CVE-2017-17160

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-313

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201712-313

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012504

PATCH
title:huawei-sa-20171213-01-ikeurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-01-ike-en
Trust: 0.8
title:Patch for multiple Huawei product buffer overflow vulnerabilities (CNVD-2017-37501)url:https://www.cnvd.org.cn/patchInfo/show/111023
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-37501 // 
            
            
            
            JVNDB: JVNDB-2017-012504

EXTERNAL IDS
db:NVDid:CVE-2017-17160
Trust: 3.1
db:JVNDBid:JVNDB-2017-012504
Trust: 0.8
db:CNNVDid:CNNVD-201712-313
Trust: 0.7
db:CNVDid:CNVD-2017-37501
Trust: 0.6
db:VULHUBid:VHN-108155
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-37501 // 
            
            
            
            VULHUB: VHN-108155 // 
            
            
            
            JVNDB: JVNDB-2017-012504 // 
            
            
            
            CNNVD: CNNVD-201712-313 // 
            
            
            
            NVD: CVE-2017-17160

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-01-ike-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17160
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17160
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171213-01-ike-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-37501 // 
            
            
            
            VULHUB: VHN-108155 // 
            
            
            
            JVNDB: JVNDB-2017-012504 // 
            
            
            
            CNNVD: CNNVD-201712-313 // 
            
            
            
            NVD: CVE-2017-17160

SOURCES
db:CNVDid:CNVD-2017-37501
db:VULHUBid:VHN-108155
db:JVNDBid:JVNDB-2017-012504
db:CNNVDid:CNNVD-201712-313
db:NVDid:CVE-2017-17160

LAST UPDATE DATE
2024-11-23T22:26:28.772000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-37501date:2017-12-19T00:00:00
db:VULHUBid:VHN-108155date:2018-03-01T00:00:00
db:JVNDBid:JVNDB-2017-012504date:2018-03-16T00:00:00
db:CNNVDid:CNNVD-201712-313date:2018-02-22T00:00:00
db:NVDid:CVE-2017-17160date:2024-11-21T03:17:36.633

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-37501date:2017-12-19T00:00:00
db:VULHUBid:VHN-108155date:2018-02-15T00:00:00
db:JVNDBid:JVNDB-2017-012504date:2018-03-16T00:00:00
db:CNNVDid:CNNVD-201712-313date:2017-12-08T00:00:00
db:NVDid:CVE-2017-17160date:2018-02-15T16:29:02.017