Details of VAR-201802-0529

ID

VAR-201802-0529

CVE

CVE-2017-15348

TITLE

plural Huawei There is a vulnerability related to input validation in the product.

Trust: 0.8

sources: JVNDB: JVNDB-2017-012457

DESCRIPTION

Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V500R001C00, Secospace USG6600 V500R001C00, USG9500 V500R001C00 have an insufficient input validation vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset. plural Huawei The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. are the intrusion prevention and intrusion detection products of China Huawei (Huawei). There are security vulnerabilities in several Huawei products. The vulnerability is caused by the program not fully verifying the parameters in the message. The following products and versions are affected: Huawei IPS Module V500R001C00 Version; NGFW Module V500R001C00 Version; NIP6300 V500R001C00 Version; NIP6600 V500R001C00 Version; Secospace USG6300 V500R001C00 Version; Secospace USG6500 V500R001C00 Version; USG9500 V500R001C00 Version

Trust: 1.71

sources: NVD: CVE-2017-15348 // JVNDB: JVNDB-2017-012457 // VULHUB: VHN-106161

AFFECTED PRODUCTS

vendor:	huawei	model:	ips module	scope:	eq	version:	v500r001c00	Trust: 2.4
vendor:	huawei	model:	ngfw module	scope:	eq	version:	v500r001c00	Trust: 2.4
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r001c00	Trust: 2.4
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r001c00	Trust: 2.4
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c00	Trust: 2.4
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c00	Trust: 2.4
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c00	Trust: 2.4
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c00	Trust: 2.4

sources: JVNDB: JVNDB-2017-012457 // CNNVD: CNNVD-201711-1146 // NVD: CVE-2017-15348

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-15348
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-15348
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201711-1146
value:	HIGH
Trust: 0.6
VULHUB:	VHN-106161
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-15348
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-106161
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-15348
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-106161 // JVNDB: JVNDB-2017-012457 // CNNVD: CNNVD-201711-1146 // NVD: CVE-2017-15348

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-106161 // JVNDB: JVNDB-2017-012457 // NVD: CVE-2017-15348

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-1146

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201711-1146

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012457

PATCH

title:	huawei-sa-20171129-01-routers	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-routers-en	Trust: 0.8
title:	Multiple Huawei Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76801	Trust: 0.6

sources: JVNDB: JVNDB-2017-012457 // CNNVD: CNNVD-201711-1146

EXTERNAL IDS

db:	NVD	id:	CVE-2017-15348	Trust: 2.5
db:	JVNDB	id:	JVNDB-2017-012457	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-1146	Trust: 0.7
db:	VULHUB	id:	VHN-106161	Trust: 0.1

sources: VULHUB: VHN-106161 // JVNDB: JVNDB-2017-012457 // CNNVD: CNNVD-201711-1146 // NVD: CVE-2017-15348

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-routers-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15348	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-15348	Trust: 0.8

sources: VULHUB: VHN-106161 // JVNDB: JVNDB-2017-012457 // CNNVD: CNNVD-201711-1146 // NVD: CVE-2017-15348

CREDITS

Huawei internal tester

Trust: 0.6

sources: CNNVD: CNNVD-201711-1146

SOURCES

db:	VULHUB	id:	VHN-106161
db:	JVNDB	id:	JVNDB-2017-012457
db:	CNNVD	id:	CNNVD-201711-1146
db:	NVD	id:	CVE-2017-15348

LAST UPDATE DATE

2024-11-23T22:12:40.416000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-106161	date:	2018-02-26T00:00:00
db:	JVNDB	id:	JVNDB-2017-012457	date:	2018-03-09T00:00:00
db:	CNNVD	id:	CNNVD-201711-1146	date:	2017-11-30T00:00:00
db:	NVD	id:	CVE-2017-15348	date:	2024-11-21T03:14:31.017

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-106161	date:	2018-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-012457	date:	2018-03-09T00:00:00
db:	CNNVD	id:	CNNVD-201711-1146	date:	2017-11-30T00:00:00
db:	NVD	id:	CVE-2017-15348	date:	2018-02-15T16:29:01.143