Sign-up

ID

VAR-201802-0530


CVE

CVE-2017-15349


TITLE

Huawei CloudEngine Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012437

DESCRIPTION

Huawei CloudEngine 12800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 5800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 6800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 7800 V100R003C00, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Resource ReServation Protocol (RSVP) packets to the affected products. Due to not release the memory to handle the packets, successful exploit will result in memory leak of the affected products and lead to a DoS condition. Huawei CloudEngine Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei CloudEngine12800 and other Huawei Huayun (Cloud) series of switch products. The vulnerability stems from the fact that the program does not release the memory for processing the message. The following products and versions are affected: Huawei CloudEngine 12800 V100R003C00 Version, V100R005C00 Version, V100R005C10 Version, V100R006C00 Version; CloudEngine 5800 V100R003C00 Version, V100R005C00 Version, V100R005C10 Version, V100R006C00 Version; CloudEngine 6800 V100R003C00 Version, V100R005C00 Version, V100R005C10 Version, V100R006C00 Version; CloudEngine 7800 V100R003C00, V100R005C00, V100R005C10, and V100R006C00

Trust: 2.25

sources: NVD: CVE-2017-15349 // JVNDB: JVNDB-2017-012437 // CNVD: CNVD-2017-38221 // VULHUB: VHN-106162

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-38221

AFFECTED PRODUCTS

vendor:huaweimodel:cloudengine 5800scope:eqversion:v100r005c10

Trust: 2.4

vendor:huaweimodel:cloudengine 5800scope:eqversion:v100r006c00

Trust: 2.4

vendor:huaweimodel:cloudengine 6800scope:eqversion:v100r003c00

Trust: 2.4

vendor:huaweimodel:cloudengine 6800scope:eqversion:v100r005c00

Trust: 2.4

vendor:huaweimodel:cloudengine 6800scope:eqversion:v100r005c10

Trust: 2.4

vendor:huaweimodel:cloudengine 6800scope:eqversion:v100r006c00

Trust: 2.4

vendor:huaweimodel:cloudengine 7800scope:eqversion:v100r003c00

Trust: 2.4

vendor:huaweimodel:cloudengine 7800scope:eqversion:v100r005c00

Trust: 2.4

vendor:huaweimodel:cloudengine 7800scope:eqversion:v100r005c10

Trust: 2.4

vendor:huaweimodel:cloudengine 7800scope:eqversion:v100r006c00

Trust: 2.4

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r003c00

Trust: 1.8

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r005c00

Trust: 1.8

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r005c10

Trust: 1.8

vendor:huaweimodel:cloudengine 12800scope:eqversion:v100r006c00

Trust: 1.8

vendor:huaweimodel:cloudengine 5800scope:eqversion:v100r003c00

Trust: 1.8

vendor:huaweimodel:cloudengine 5800scope:eqversion:v100r005c00

Trust: 1.8

vendor:huaweimodel:cloudengine v100r003c00scope:eqversion:12800

Trust: 0.6

vendor:huaweimodel:cloudengine v100r005c00scope:eqversion:12800

Trust: 0.6

vendor:huaweimodel:cloudengine v100r005c10scope:eqversion:12800

Trust: 0.6

vendor:huaweimodel:cloudengine v100r006c00scope:eqversion:12800

Trust: 0.6

vendor:huaweimodel:cloudengine v100r005c00scope:eqversion:5800

Trust: 0.6

vendor:huaweimodel:cloudengine v100r005c10scope:eqversion:5800

Trust: 0.6

vendor:huaweimodel:cloudengine v100r006c00scope:eqversion:5800

Trust: 0.6

vendor:huaweimodel:cloudengine v100r005c00scope:eqversion:6800

Trust: 0.6

vendor:huaweimodel:cloudengine v100r005c10scope:eqversion:6800

Trust: 0.6

vendor:huaweimodel:cloudengine v100r006c00scope:eqversion:6800

Trust: 0.6

vendor:huaweimodel:cloudengine v100r005c00scope:eqversion:7800

Trust: 0.6

vendor:huaweimodel:cloudengine v100r005c10scope:eqversion:7800

Trust: 0.6

vendor:huaweimodel:cloudengine v100r006c00scope:eqversion:7800

Trust: 0.6

vendor:huaweimodel:cloudengine v100r003c00scope:eqversion:5800

Trust: 0.6

vendor:huaweimodel:cloudengine v100r003c00scope:eqversion:6800

Trust: 0.6

vendor:huaweimodel:cloudengine v100r003c00scope:eqversion:7800

Trust: 0.6

sources: CNVD: CNVD-2017-38221 // JVNDB: JVNDB-2017-012437 // CNNVD: CNNVD-201712-062 // NVD: CVE-2017-15349

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-15349
value: HIGH

Trust: 1.0

NVD: CVE-2017-15349
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-38221
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201712-062
value: HIGH

Trust: 0.6

VULHUB: VHN-106162
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-15349
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-38221
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-106162
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-15349
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-38221 // VULHUB: VHN-106162 // JVNDB: JVNDB-2017-012437 // CNNVD: CNNVD-201712-062 // NVD: CVE-2017-15349

PROBLEMTYPE DATA

problemtype:CWE-772

Trust: 1.1

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-106162 // JVNDB: JVNDB-2017-012437 // NVD: CVE-2017-15349

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-062

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201712-062

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012437

PATCH
title:huawei-sa-20171201-01-routerurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-router-en
Trust: 0.8
title:Patch of Huawei's various product memory leak vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/111811
Trust: 0.6
title:Multiple Huawei Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76890
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-38221 // 
            
            
            
            JVNDB: JVNDB-2017-012437 // 
            
            
            
            CNNVD: CNNVD-201712-062

EXTERNAL IDS
db:NVDid:CVE-2017-15349
Trust: 3.1
db:JVNDBid:JVNDB-2017-012437
Trust: 0.8
db:CNNVDid:CNNVD-201712-062
Trust: 0.7
db:CNVDid:CNVD-2017-38221
Trust: 0.6
db:VULHUBid:VHN-106162
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-38221 // 
            
            
            
            VULHUB: VHN-106162 // 
            
            
            
            JVNDB: JVNDB-2017-012437 // 
            
            
            
            CNNVD: CNNVD-201712-062 // 
            
            
            
            NVD: CVE-2017-15349

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-router-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15349
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-15349
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171201-01-router-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-38221 // 
            
            
            
            VULHUB: VHN-106162 // 
            
            
            
            JVNDB: JVNDB-2017-012437 // 
            
            
            
            CNNVD: CNNVD-201712-062 // 
            
            
            
            NVD: CVE-2017-15349

CREDITS
Huawei internal tester
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201712-062

SOURCES
db:CNVDid:CNVD-2017-38221
db:VULHUBid:VHN-106162
db:JVNDBid:JVNDB-2017-012437
db:CNNVDid:CNNVD-201712-062
db:NVDid:CVE-2017-15349

LAST UPDATE DATE
2024-11-23T21:53:23.232000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-38221date:2017-12-27T00:00:00
db:VULHUBid:VHN-106162date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-012437date:2018-03-09T00:00:00
db:CNNVDid:CNNVD-201712-062date:2019-10-23T00:00:00
db:NVDid:CVE-2017-15349date:2024-11-21T03:14:31.227

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-38221date:2017-12-27T00:00:00
db:VULHUBid:VHN-106162date:2018-02-15T00:00:00
db:JVNDBid:JVNDB-2017-012437date:2018-03-09T00:00:00
db:CNNVDid:CNNVD-201712-062date:2017-12-05T00:00:00
db:NVDid:CVE-2017-15349date:2018-02-15T16:29:01.203