Sign-up

ID

VAR-201802-0445


CVE

CVE-2017-17165


TITLE

plural Huawei Product out-of-bounds vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012598

DESCRIPTION

IPv6 function in Huawei Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00 has an out-of-bounds read vulnerability. An unauthenticated attacker may send crafted malformed IPv6 packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause device to reset. plural Huawei The product contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei Quidway S2700 and other Huawei S series switches are Huawei products. The following products and versions are affected: Huawei Quidway S2700 V200R003C00SPC300 Version; Quidway S5300 V200R003C00SPC300 Version; Quidway S5700 V200R003C00SPC300 Version; S2300 V200R003C00 Version, V200R003C00SPC300T Version, V200R005C00 Version, V200R006C00 Version, V200R007C00 Version, V200R008C00 Version, V200R009C00 Version; S2700 V200R005C00 Version, V200R006C00 Version, V200R007C00 Version, V200R008C00 Version, V200R009C00 Version; S5300 V200R003C00 Version, V200R003C00SPC300T Version, V200R003C00SPC600 Version, V200R003C02 Version, V200R005C00 Version, V200R005C01 Version, V200R005C02 Version, V200R005C03 Version, V200R005C05 Version, V200R006C00 Version, V200R007C00 Version, V200R008C00 Version, V200R009C00 Version ; S5700 etc

Trust: 2.25

sources: NVD: CVE-2017-17165 // JVNDB: JVNDB-2017-012598 // CNVD: CNVD-2017-37845 // VULHUB: VHN-108160

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-37845

AFFECTED PRODUCTS

vendor:huaweimodel:s5300scope:eqversion:v200r006c00

Trust: 1.6

vendor:huaweimodel:s6700scope:eqversion:v200r009c00

Trust: 1.6

vendor:huaweimodel:s5300scope:eqversion:v200r008c00

Trust: 1.6

vendor:huaweimodel:s5300scope:eqversion:v200r005c05

Trust: 1.6

vendor:huaweimodel:s5300scope:eqversion:v200r005c02

Trust: 1.6

vendor:huaweimodel:s5300scope:eqversion:v200r005c01

Trust: 1.6

vendor:huaweimodel:s5300scope:eqversion:v200r005c03

Trust: 1.6

vendor:huaweimodel:s6700scope:eqversion:v200r008c00

Trust: 1.6

vendor:huaweimodel:s5300scope:eqversion:v200r007c00

Trust: 1.6

vendor:huaweimodel:s5300scope:eqversion:v200r009c00

Trust: 1.6

vendor:huaweimodel:s2700scope:eqversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:s6300scope:eqversion:v200r003c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:s2300scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:s2700scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:s2300scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s2700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r003c00spc316t

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r005c01

Trust: 1.0

vendor:huaweimodel:s2300scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:s2700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s2700scope:eqversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:s6300scope:eqversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r005c01

Trust: 1.0

vendor:huaweimodel:s2300scope:eqversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:s5300scope:eqversion:v200r003c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:s5300scope:eqversion:v200r003c02

Trust: 1.0

vendor:huaweimodel:quidway s5700scope:eqversion:v200r003c00spc300

Trust: 1.0

vendor:huaweimodel:s2300scope:eqversion:v200r003c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:quidway s5300scope:eqversion:v200r003c00spc300

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r005c02

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:s6300scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:s6300scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s5300scope:eqversion:v200r003c00spc600

Trust: 1.0

vendor:huaweimodel:quidway s2700scope:eqversion:v200r003c00spc300

Trust: 1.0

vendor:huaweimodel:s5300scope:eqversion:v200r003c00spc300t

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r003c00

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r005c02

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r003c02

Trust: 1.0

vendor:huaweimodel:s6300scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:s2300scope:eqversion:v200r003c00spc300t

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r003c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r005c03

Trust: 1.0

vendor:huaweimodel:s600-escope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:s5300scope:eqversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:s600-escope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r003c00spc600

Trust: 1.0

vendor:huaweimodel:s2300scope:eqversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:quidway s2700scope: - version: -

Trust: 0.8

vendor:huaweimodel:quidway s5300scope: - version: -

Trust: 0.8

vendor:huaweimodel:quidway s5700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s2300scope: - version: -

Trust: 0.8

vendor:huaweimodel:s2700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s5300scope: - version: -

Trust: 0.8

vendor:huaweimodel:s5700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s600-escope: - version: -

Trust: 0.8

vendor:huaweimodel:s6300scope: - version: -

Trust: 0.8

vendor:huaweimodel:s6700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s6700 v200r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v200r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r003c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r005c01scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r005c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r005c03scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:quidway s5700 v200r003c00spc300scope: - version: -

Trust: 0.6

vendor:huaweimodel:quidway s5300 v200r003c00spc300scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v100r006c05scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2700 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2700 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r003c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:quidway s2700 v200r003c00spc300scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v200r003c00spc300tscope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r003c00spc300tscope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r003c00spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r005c03scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r005c05scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r005c01scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r005c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r003c00spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r003c00spc316tscope: - version: -

Trust: 0.6

vendor:huaweimodel:s600-e v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s600-e v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r005c01scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r005c02scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-37845 // JVNDB: JVNDB-2017-012598 // CNNVD: CNNVD-201712-682 // NVD: CVE-2017-17165

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17165
value: HIGH

Trust: 1.0

NVD: CVE-2017-17165
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-37845
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201712-682
value: HIGH

Trust: 0.6

VULHUB: VHN-108160
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-17165
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-37845
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108160
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17165
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-37845 // VULHUB: VHN-108160 // JVNDB: JVNDB-2017-012598 // CNNVD: CNNVD-201712-682 // NVD: CVE-2017-17165

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.9

sources: VULHUB: VHN-108160 // JVNDB: JVNDB-2017-012598 // NVD: CVE-2017-17165

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-682

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201712-682

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012598

PATCH
title:huawei-sa-20171213-01-ipv6url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-01-ipv6-en
Trust: 0.8
title:A variety of Huawei products IPv6 protocol cross-boundary read vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/111423
Trust: 0.6
title:Multiple Huawei Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77220
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-37845 // 
            
            
            
            JVNDB: JVNDB-2017-012598 // 
            
            
            
            CNNVD: CNNVD-201712-682

EXTERNAL IDS
db:NVDid:CVE-2017-17165
Trust: 3.1
db:JVNDBid:JVNDB-2017-012598
Trust: 0.8
db:CNNVDid:CNNVD-201712-682
Trust: 0.7
db:CNVDid:CNVD-2017-37845
Trust: 0.6
db:VULHUBid:VHN-108160
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-37845 // 
            
            
            
            VULHUB: VHN-108160 // 
            
            
            
            JVNDB: JVNDB-2017-012598 // 
            
            
            
            CNNVD: CNNVD-201712-682 // 
            
            
            
            NVD: CVE-2017-17165

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-ipv6-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17165
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17165
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171213-02-ipv6-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-37845 // 
            
            
            
            VULHUB: VHN-108160 // 
            
            
            
            JVNDB: JVNDB-2017-012598 // 
            
            
            
            CNNVD: CNNVD-201712-682 // 
            
            
            
            NVD: CVE-2017-17165

CREDITS
Huawei internal tester
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201712-682

SOURCES
db:CNVDid:CNVD-2017-37845
db:VULHUBid:VHN-108160
db:JVNDBid:JVNDB-2017-012598
db:CNNVDid:CNNVD-201712-682
db:NVDid:CVE-2017-17165

LAST UPDATE DATE
2024-11-23T22:12:40.530000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-37845date:2017-12-22T00:00:00
db:VULHUBid:VHN-108160date:2018-03-07T00:00:00
db:JVNDBid:JVNDB-2017-012598date:2018-03-23T00:00:00
db:CNNVDid:CNNVD-201712-682date:2017-12-21T00:00:00
db:NVDid:CVE-2017-17165date:2024-11-21T03:17:37.673

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-37845date:2017-12-22T00:00:00
db:VULHUBid:VHN-108160date:2018-02-15T00:00:00
db:JVNDBid:JVNDB-2017-012598date:2018-03-23T00:00:00
db:CNNVDid:CNNVD-201712-682date:2017-12-21T00:00:00
db:NVDid:CVE-2017-17165date:2018-02-15T16:29:02.250