Details of VAR-201802-0444

ID

VAR-201802-0444

CVE

CVE-2017-17164

TITLE

Huawei Secospace AntiDDoS8000 Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012462

DESCRIPTION

Huawei Secospace AntiDDoS8000 V500R001C20SPC500 have a memory leak vulnerability due to memory don't be released when the system open some function. An attacker could exploit it to cause memory leak, which may further lead to system exceptions. Huawei Secospace AntiDDoS8000 Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei Secospace AntiDDoS8000 is a firewall product of Huawei in China. When a service function is enabled in the system, attackers can exploit this vulnerability to cause device abnormalities

Trust: 1.71

sources: NVD: CVE-2017-17164 // JVNDB: JVNDB-2017-012462 // VULHUB: VHN-108159

AFFECTED PRODUCTS

vendor:

huawei

model:

secospace antiddos8000

scope:

version:

v500r001c20spc500

Trust: 2.4

sources: JVNDB: JVNDB-2017-012462 // CNNVD: CNNVD-201712-683 // NVD: CVE-2017-17164

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-17164
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-17164
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201712-683
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-108159
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-17164
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-108159
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-17164
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-108159 // JVNDB: JVNDB-2017-012462 // CNNVD: CNNVD-201712-683 // NVD: CVE-2017-17164

PROBLEMTYPE DATA

problemtype:	CWE-772	Trust: 1.1
problemtype:	CWE-399	Trust: 0.9

sources: VULHUB: VHN-108159 // JVNDB: JVNDB-2017-012462 // NVD: CVE-2017-17164

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-683

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201712-683

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012462

PATCH

title:	huawei-sa-20171213-01-antidos	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-01-antidos-en	Trust: 0.8
title:	Huawei Secospace AntiDDoS8000 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77221	Trust: 0.6

sources: JVNDB: JVNDB-2017-012462 // CNNVD: CNNVD-201712-683

EXTERNAL IDS

db:	NVD	id:	CVE-2017-17164	Trust: 2.5
db:	JVNDB	id:	JVNDB-2017-012462	Trust: 0.8
db:	CNNVD	id:	CNNVD-201712-683	Trust: 0.7
db:	VULHUB	id:	VHN-108159	Trust: 0.1

sources: VULHUB: VHN-108159 // JVNDB: JVNDB-2017-012462 // CNNVD: CNNVD-201712-683 // NVD: CVE-2017-17164

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-01-antidos-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17164	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17164	Trust: 0.8

sources: VULHUB: VHN-108159 // JVNDB: JVNDB-2017-012462 // CNNVD: CNNVD-201712-683 // NVD: CVE-2017-17164

CREDITS

Huawei internal tester

Trust: 0.6

sources: CNNVD: CNNVD-201712-683

SOURCES

db:	VULHUB	id:	VHN-108159
db:	JVNDB	id:	JVNDB-2017-012462
db:	CNNVD	id:	CNNVD-201712-683
db:	NVD	id:	CVE-2017-17164

LAST UPDATE DATE

2024-11-23T23:02:13.104000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-108159	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-012462	date:	2018-03-09T00:00:00
db:	CNNVD	id:	CNNVD-201712-683	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-17164	date:	2024-11-21T03:17:37.300

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-108159	date:	2018-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-012462	date:	2018-03-09T00:00:00
db:	CNNVD	id:	CNNVD-201712-683	date:	2017-12-20T00:00:00
db:	NVD	id:	CVE-2017-17164	date:	2018-02-15T16:29:02.203