Details of VAR-201802-0446

ID

VAR-201802-0446

CVE

CVE-2017-17166

TITLE

plural Huawei Product depletion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012463

DESCRIPTION

Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, TP3206 V100R002C00, VP9660 V500R002C00, V500R002C10 have a resource exhaustion vulnerability. The software does not process certain field of H.323 message properly, a remote unauthenticated attacker could send crafted H.323 message to the device, successful exploit could cause certain service unavailable since the stack memory is exhausted. plural Huawei The product is vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei SecospaceUSG series is a new generation of professional intrusion prevention and firewall products for Huawei, IDC, campus network and operators. DP300 and TP3206 are integrated desktop telepresence for high-end customers. HuaweiWEVP9660 is Huawei. Customer demand-oriented, combined with strong network equipment manufacturing advantages, developed a new generation of industry's largest capacity, flexible allocation of ports, smooth expansion of fully-adapted MCU, is a multimedia exchange platform with 1080p60 full-coded full solution and super processing capability. The successful exploitation of the vulnerability causes the stack memory resources in the system to be exhausted, and some services are abnormal. The Huawei DP300 and others are all products of China's Huawei (Huawei). DP300 is a video conferencing terminal. Secospace USG6300 is a firewall product. There are security vulnerabilities in several Huawei products. The vulnerability is caused by the program's improper processing of some fields in H.323 packets. The following products and versions are affected: Huawei DP300 V500R002C00 Version; Secospace USG6300 V500R001C00 Version, V500R001C20 Version, V500R001C30 Version, V500R001C50 Version; Secospace USG6500 V500R001C00 Version, V500R001C20 Version, V500R001C30 Version, V500R001C50 Version; Secospace USG6600 V500R001C00 Version, V500R001C20 Version, V500R001C30 Version , version V500R001C50; TP3206 version V100R002C00; VP9660 version V500R002C00, version V500R002C10

Trust: 2.25

sources: NVD: CVE-2017-17166 // JVNDB: JVNDB-2017-012463 // CNVD: CNVD-2017-37496 // VULHUB: VHN-108161

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-37496

AFFECTED PRODUCTS

vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c20	Trust: 2.4
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c30	Trust: 2.4
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c50	Trust: 2.4
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c00	Trust: 2.4
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c20	Trust: 2.4
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c30	Trust: 2.4
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c50	Trust: 2.4
vendor:	huawei	model:	tp3206	scope:	eq	version:	v100r002c00	Trust: 2.4
vendor:	huawei	model:	vp9660	scope:	eq	version:	v500r002c00	Trust: 2.4
vendor:	huawei	model:	vp9660	scope:	eq	version:	v500r002c10	Trust: 2.4
vendor:	huawei	model:	dp300	scope:	eq	version:	v500r002c00	Trust: 1.8
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c00	Trust: 1.8
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c20	Trust: 1.8
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c30	Trust: 1.8
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c50	Trust: 1.8
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c00	Trust: 1.8
vendor:	huawei	model:	secospace usg6500 v500r001c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6600 v500r001c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	dp300 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	tp3206 v100r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	vp9660 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	vp9660 v500r002c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6300 v500r001c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6300 v500r001c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6300 v500r001c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6300 v500r001c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6500 v500r001c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6500 v500r001c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6500 v500r001c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6600 v500r001c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6600 v500r001c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6600 v500r001c50	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-37496 // JVNDB: JVNDB-2017-012463 // CNNVD: CNNVD-201712-680 // NVD: CVE-2017-17166

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-17166
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-17166
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-37496
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201712-680
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-108161
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-17166
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-37496
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-108161
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-17166
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-37496 // VULHUB: VHN-108161 // JVNDB: JVNDB-2017-012463 // CNNVD: CNNVD-201712-680 // NVD: CVE-2017-17166

PROBLEMTYPE DATA

problemtype:

CWE-400

Trust: 1.9

sources: VULHUB: VHN-108161 // JVNDB: JVNDB-2017-012463 // NVD: CVE-2017-17166

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-680

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201712-680

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012463

PATCH

title:	huawei-sa-20171213-02-h323	url:	http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-02-h323-en	Trust: 0.8
title:	Patches for various Huawei product resource exhaustion vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/111003	Trust: 0.6
title:	Multiple Huawei Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77217	Trust: 0.6

sources: CNVD: CNVD-2017-37496 // JVNDB: JVNDB-2017-012463 // CNNVD: CNNVD-201712-680

EXTERNAL IDS

db:	NVD	id:	CVE-2017-17166	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-012463	Trust: 0.8
db:	CNNVD	id:	CNNVD-201712-680	Trust: 0.7
db:	CNVD	id:	CNVD-2017-37496	Trust: 0.6
db:	VULHUB	id:	VHN-108161	Trust: 0.1

sources: CNVD: CNVD-2017-37496 // VULHUB: VHN-108161 // JVNDB: JVNDB-2017-012463 // CNNVD: CNNVD-201712-680 // NVD: CVE-2017-17166

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-02-h323-en	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17166	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17166	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171213-02-h323-cn	Trust: 0.6
url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-h323-en	Trust: 0.6

sources: CNVD: CNVD-2017-37496 // VULHUB: VHN-108161 // JVNDB: JVNDB-2017-012463 // CNNVD: CNNVD-201712-680 // NVD: CVE-2017-17166

CREDITS

Huawei internal tester

Trust: 0.6

sources: CNNVD: CNNVD-201712-680

SOURCES

db:	CNVD	id:	CNVD-2017-37496
db:	VULHUB	id:	VHN-108161
db:	JVNDB	id:	JVNDB-2017-012463
db:	CNNVD	id:	CNNVD-201712-680
db:	NVD	id:	CVE-2017-17166

LAST UPDATE DATE

2024-11-23T22:30:30.470000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-37496	date:	2017-12-19T00:00:00
db:	VULHUB	id:	VHN-108161	date:	2018-02-26T00:00:00
db:	JVNDB	id:	JVNDB-2017-012463	date:	2018-03-09T00:00:00
db:	CNNVD	id:	CNNVD-201712-680	date:	2017-12-20T00:00:00
db:	NVD	id:	CVE-2017-17166	date:	2024-11-21T03:17:37.807

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-37496	date:	2017-12-19T00:00:00
db:	VULHUB	id:	VHN-108161	date:	2018-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-012463	date:	2018-03-09T00:00:00
db:	CNNVD	id:	CNNVD-201712-680	date:	2017-12-20T00:00:00
db:	NVD	id:	CVE-2017-17166	date:	2018-02-15T16:29:02.297