Details of VAR-201802-0442

ID

VAR-201802-0442

CVE

CVE-2017-17162

TITLE

Huawei Secospace USG6600 and Secospace USG6600 Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012460

DESCRIPTION

Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG9500 V500R001C30SPC200, USG9500 V500R001C30SPC300 have a memory leak vulnerability due to memory don't be released when an local authenticated attacker execute special commands many times. An attacker could exploit it to cause memory leak, which may further lead to system exceptions. Huawei Secospace USG6600 and Secospace USG6600 Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Both Huawei Secospace USG6600 and USG9500 are firewall products of Huawei. The following products and versions are affected: Huawei Secospace USG6600 version V500R001C30SPC100, version V500R001C30SPC200, version V500R001C30SPC300; USG9500 version V500R001C30SPC100, version V500R001C30SPC200, version V500R001

Trust: 1.71

sources: NVD: CVE-2017-17162 // JVNDB: JVNDB-2017-012460 // VULHUB: VHN-108157

AFFECTED PRODUCTS

vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c30spc100	Trust: 2.4
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c30spc200	Trust: 2.4
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c30spc300	Trust: 2.4
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c30spc100	Trust: 2.4
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c30spc200	Trust: 2.4
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c30spc300	Trust: 2.4

sources: JVNDB: JVNDB-2017-012460 // CNNVD: CNNVD-201712-311 // NVD: CVE-2017-17162

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-17162
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-17162
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201712-311
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-108157
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-17162
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-108157
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-17162
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-108157 // JVNDB: JVNDB-2017-012460 // CNNVD: CNNVD-201712-311 // NVD: CVE-2017-17162

PROBLEMTYPE DATA

problemtype:	CWE-772	Trust: 1.1
problemtype:	CWE-399	Trust: 0.9

sources: VULHUB: VHN-108157 // JVNDB: JVNDB-2017-012460 // NVD: CVE-2017-17162

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201712-311

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201712-311

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012460

PATCH

title:	huawei-sa-20171213-02-firewall	url:	http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-02-firewall-en	Trust: 0.8
title:	Huawei Secospace USG6600 and USG9500 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100239	Trust: 0.6

sources: JVNDB: JVNDB-2017-012460 // CNNVD: CNNVD-201712-311

EXTERNAL IDS

db:	NVD	id:	CVE-2017-17162	Trust: 2.5
db:	JVNDB	id:	JVNDB-2017-012460	Trust: 0.8
db:	CNNVD	id:	CNNVD-201712-311	Trust: 0.7
db:	VULHUB	id:	VHN-108157	Trust: 0.1

sources: VULHUB: VHN-108157 // JVNDB: JVNDB-2017-012460 // CNNVD: CNNVD-201712-311 // NVD: CVE-2017-17162

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-02-firewall-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17162	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17162	Trust: 0.8

sources: VULHUB: VHN-108157 // JVNDB: JVNDB-2017-012460 // CNNVD: CNNVD-201712-311 // NVD: CVE-2017-17162

SOURCES

db:	VULHUB	id:	VHN-108157
db:	JVNDB	id:	JVNDB-2017-012460
db:	CNNVD	id:	CNNVD-201712-311
db:	NVD	id:	CVE-2017-17162

LAST UPDATE DATE

2024-11-23T22:48:50.659000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-108157	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-012460	date:	2018-03-09T00:00:00
db:	CNNVD	id:	CNNVD-201712-311	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-17162	date:	2024-11-21T03:17:36.897

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-108157	date:	2018-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-012460	date:	2018-03-09T00:00:00
db:	CNNVD	id:	CNNVD-201712-311	date:	2017-12-08T00:00:00
db:	NVD	id:	CVE-2017-17162	date:	2018-02-15T16:29:02.110