Sign-up

ID

VAR-201802-0527


CVE

CVE-2017-15346


TITLE

plural Huawei Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-012436

DESCRIPTION

XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DOS vulnerability. An attacker may craft specific XML files to the affected products. Due to not check the specially XML file and to parse this file, successful exploit will result in DOS attacks. plural Huawei The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiS12700 is an enterprise-class switch product from China's Huawei company. XMLparser is one of the XML parsers. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 2.34

sources: NVD: CVE-2017-15346 // JVNDB: JVNDB-2017-012436 // CNVD: CNVD-2017-38222 // VULHUB: VHN-106159 // VULMON: CVE-2017-15346

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-38222

AFFECTED PRODUCTS

vendor:huaweimodel:ecns210 tdscope:eqversion:v100r004c10spc101

Trust: 2.4

vendor:huaweimodel:ecns210 tdscope:eqversion:v100r004c10spc102

Trust: 2.4

vendor:huaweimodel:ecns210 tdscope:eqversion:v100r004c10spc200

Trust: 2.4

vendor:huaweimodel:ecns210 tdscope:eqversion:v100r004c10spc221

Trust: 2.4

vendor:huaweimodel:ecns210 tdscope:eqversion:v100r004c10spc400

Trust: 2.4

vendor:huaweimodel:s9700scope:eqversion:v200r006c00

Trust: 2.4

vendor:huaweimodel:s9700scope:eqversion:v200r007c00

Trust: 2.4

vendor:huaweimodel:s9700scope:eqversion:v200r008c00

Trust: 2.4

vendor:huaweimodel:s9700scope:eqversion:v200r009c00

Trust: 2.4

vendor:huaweimodel:s9700scope:eqversion:v200r010c00

Trust: 2.4

vendor:huaweimodel:ecns210 tdscope:eqversion:v100r004c10

Trust: 1.8

vendor:huaweimodel:ecns210 tdscope:eqversion:v100r004c10spc003

Trust: 1.8

vendor:huaweimodel:ecns210 tdscope:eqversion:v100r004c10spc100

Trust: 1.8

vendor:huaweimodel:s12700scope:eqversion:v200r005c00

Trust: 1.8

vendor:huaweimodel:s1700scope:eqversion:v200r009c00

Trust: 1.8

vendor:huaweimodel:s1700scope:eqversion:v200r010c00

Trust: 1.8

vendor:huaweimodel:s5700scope:eqversion:v200r001c00

Trust: 1.8

vendor:huaweimodel:s5700scope:eqversion:v200r002c00

Trust: 1.8

vendor:huaweimodel:s5700scope:eqversion:v200r003c00

Trust: 1.8

vendor:huaweimodel:s5700scope:eqversion:v200r003c02

Trust: 1.8

vendor:huaweimodel:s5700scope:eqversion:v200r005c00

Trust: 1.8

vendor:huaweimodel:s5700scope:eqversion:v200r006c00

Trust: 1.8

vendor:huaweimodel:s5700scope:eqversion:v200r007c00

Trust: 1.8

vendor:huaweimodel:s5700scope:eqversion:v200r008c00

Trust: 1.8

vendor:huaweimodel:s5700scope:eqversion:v200r009c00

Trust: 1.8

vendor:huaweimodel:s5700scope:eqversion:v200r010c00

Trust: 1.8

vendor:huaweimodel:s6700scope:eqversion:v200r001c00

Trust: 1.8

vendor:huaweimodel:s6700scope:eqversion:v200r002c00

Trust: 1.8

vendor:huaweimodel:s6700scope:eqversion:v200r003c00

Trust: 1.8

vendor:huaweimodel:s6700scope:eqversion:v200r005c00

Trust: 1.8

vendor:huaweimodel:s6700scope:eqversion:v200r005c02

Trust: 1.8

vendor:huaweimodel:s6700scope:eqversion:v200r008c00

Trust: 1.8

vendor:huaweimodel:s6700scope:eqversion:v200r009c00

Trust: 1.8

vendor:huaweimodel:s6700scope:eqversion:v200r010c00

Trust: 1.8

vendor:huaweimodel:s7700scope:eqversion:v200r001c00

Trust: 1.8

vendor:huaweimodel:s7700scope:eqversion:v200r002c00

Trust: 1.8

vendor:huaweimodel:s7700scope:eqversion:v200r003c00

Trust: 1.8

vendor:huaweimodel:s7700scope:eqversion:v200r005c00

Trust: 1.8

vendor:huaweimodel:s7700scope:eqversion:v200r006c00

Trust: 1.8

vendor:huaweimodel:s7700scope:eqversion:v200r007c00

Trust: 1.8

vendor:huaweimodel:s7700scope:eqversion:v200r008c00

Trust: 1.8

vendor:huaweimodel:s7700scope:eqversion:v200r009c00

Trust: 1.8

vendor:huaweimodel:s7700scope:eqversion:v200r010c00

Trust: 1.8

vendor:huaweimodel:s9700scope:eqversion:v200r001c00

Trust: 1.8

vendor:huaweimodel:s9700scope:eqversion:v200r002c00

Trust: 1.8

vendor:huaweimodel:s9700scope:eqversion:v200r003c00

Trust: 1.8

vendor:huaweimodel:s9700scope:eqversion:v200r005c00

Trust: 1.8

vendor:huaweimodel:s3700scope:eqversion:v100r006c03

Trust: 0.8

vendor:huaweimodel:s3700scope:eqversion:v100r006c05

Trust: 0.8

vendor:huaweimodel:s12700 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s1700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s1700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v100r006c03scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v100r006c05scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v200r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s3300 v100r006c05scope: - version: -

Trust: 0.6

vendor:huaweimodel:s3300 v100r006c03scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r003c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r005c03scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r005c05scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r003c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s600-e v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s600-e v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s600-e v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v200r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v200r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v200r005c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r005c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9300 v200r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9300 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9300 v200r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9300 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9300 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9300 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9300 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ecns210 td v100r004c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ecns210 td v100r004c10spc003scope: - version: -

Trust: 0.6

vendor:huaweimodel:ecns210 td v100r004c10spc100scope: - version: -

Trust: 0.6

vendor:huaweimodel:ecns210 td v100r004c10spc101scope: - version: -

Trust: 0.6

vendor:huaweimodel:ecns210 td v100r004c10spc102scope: - version: -

Trust: 0.6

vendor:huaweimodel:ecns210 td v100r004c10spc200scope: - version: -

Trust: 0.6

vendor:huaweimodel:ecns210 td v100r004c10spc221scope: - version: -

Trust: 0.6

vendor:huaweimodel:ecns210 td v100r004c10spc400scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-38222 // JVNDB: JVNDB-2017-012436 // CNNVD: CNNVD-201712-061 // NVD: CVE-2017-15346

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-15346
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-15346
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-38222
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201712-061
value: MEDIUM

Trust: 0.6

VULHUB: VHN-106159
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-15346
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-15346
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-38222
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-106159
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-15346
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-38222 // VULHUB: VHN-106159 // VULMON: CVE-2017-15346 // JVNDB: JVNDB-2017-012436 // CNNVD: CNNVD-201712-061 // NVD: CVE-2017-15346

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-106159 // JVNDB: JVNDB-2017-012436 // NVD: CVE-2017-15346

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-061

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201712-061

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012436

PATCH
title:huawei-sa-20171201-01-xmlurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-xml-en
Trust: 0.8
title:Huawei's various product XML parser denial of service vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/111809
Trust: 0.6
title:Multiple Huawei product XML Remediation measures for resolver security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76889
Trust: 0.6
title:Huawei Security Advisories: Security Advisory - Two DOS Vulnerabilities of XML Parser in Some Huawei Productsurl:https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=2e3897be411afe991825f2d2f5ab3ea5
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-38222 // 
            
            
            
            VULMON: CVE-2017-15346 // 
            
            
            
            JVNDB: JVNDB-2017-012436 // 
            
            
            
            CNNVD: CNNVD-201712-061

EXTERNAL IDS
db:NVDid:CVE-2017-15346
Trust: 3.2
db:JVNDBid:JVNDB-2017-012436
Trust: 0.8
db:CNNVDid:CNNVD-201712-061
Trust: 0.7
db:CNVDid:CNVD-2017-38222
Trust: 0.6
db:VULHUBid:VHN-106159
Trust: 0.1
db:VULMONid:CVE-2017-15346
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-38222 // 
            
            
            
            VULHUB: VHN-106159 // 
            
            
            
            VULMON: CVE-2017-15346 // 
            
            
            
            JVNDB: JVNDB-2017-012436 // 
            
            
            
            CNNVD: CNNVD-201712-061 // 
            
            
            
            NVD: CVE-2017-15346

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-xml-en
Trust: 1.3
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20171201-01-xml-cn
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15346
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-15346
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171201-01-xml-cn
Trust: 0.6
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200909-01-mbb-cn
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-38222 // 
            
            
            
            VULHUB: VHN-106159 // 
            
            
            
            VULMON: CVE-2017-15346 // 
            
            
            
            JVNDB: JVNDB-2017-012436 // 
            
            
            
            CNNVD: CNNVD-201712-061 // 
            
            
            
            NVD: CVE-2017-15346

CREDITS
The vulnerability was discovered by Huawei internal testing.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201712-061

SOURCES
db:CNVDid:CNVD-2017-38222
db:VULHUBid:VHN-106159
db:VULMONid:CVE-2017-15346
db:JVNDBid:JVNDB-2017-012436
db:CNNVDid:CNNVD-201712-061
db:NVDid:CVE-2017-15346

LAST UPDATE DATE
2024-11-23T22:59:06.717000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-38222date:2017-12-27T00:00:00
db:VULHUBid:VHN-106159date:2018-02-24T00:00:00
db:VULMONid:CVE-2017-15346date:2018-02-24T00:00:00
db:JVNDBid:JVNDB-2017-012436date:2018-03-09T00:00:00
db:CNNVDid:CNNVD-201712-061date:2020-10-22T00:00:00
db:NVDid:CVE-2017-15346date:2024-11-21T03:14:30.757

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-38222date:2017-12-27T00:00:00
db:VULHUBid:VHN-106159date:2018-02-15T00:00:00
db:VULMONid:CVE-2017-15346date:2018-02-15T00:00:00
db:JVNDBid:JVNDB-2017-012436date:2018-03-09T00:00:00
db:CNNVDid:CNNVD-201712-061date:2017-12-05T00:00:00
db:NVDid:CVE-2017-15346date:2018-02-15T16:29:01.047