Sign-up

ID

VAR-201802-0534


CVE

CVE-2017-15353


TITLE

plural Huawei Product out-of-bounds vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012295

DESCRIPTION

Huawei DP300, V500R002C00, RP200, V500R002C00, V600R006C00, RSE6500, V500R002C00, TE30, V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C00, TE60, V100R001C01, V100R001C10, V500R002C00, V600R006C00, TX50, V500R002C00, V600R006C00, VP9660, V500R002C00, V500R002C10, ViewPoint 8660, V100R008C03, ViewPoint 9030, V100R011C02, V100R011C03, Viewpoint 8660, V100R008C03 have an out-of-bounds read vulnerability. An attacker has to control the peer device and send specially crafted messages to the affected products. Due to insufficient input validation, successful exploit may cause some service abnormal. plural Huawei The product contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300, RP200, RSE6500, TX50, VP9660, TE series and ViewPoint series are Huawei's integrated desktop telepresence products and high-definition video conferencing terminal products for high-end customers. A number of Huawei products have an out-of-bounds vulnerability because the device failed to adequately verify user input. Huawei DP300 and others are all products of China's Huawei (Huawei). DP300 is a video conferencing terminal. ViewPoint is a multi-point control unit of a video conference system. There are security vulnerabilities in several Huawei products. The following products and versions are affected: DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; RSE6500 V500R002C00 Version; TE30 V100R001C02 Version, V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C01 Version, V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TX50 V500R002C00 Version, V600R006C00 Version; VP9660 V500R002C00 Version, V500R002C10 Version; ViewPoint 8660 V100R008C03 Version; ViewPoint 9030 V100R011C02 Version, V100R011C03 Version; Viewpoint 8660 V100R008C03 Version

Trust: 2.25

sources: NVD: CVE-2017-15353 // JVNDB: JVNDB-2017-012295 // CNVD: CNVD-2017-34224 // VULHUB: VHN-106167

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-34224

AFFECTED PRODUCTS

vendor:huaweimodel:viewpoint 9030scope:eqversion:v100r011c03

Trust: 1.6

vendor:huaweimodel:vp9660scope:eqversion:v500r002c10

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v100r001c10

Trust: 1.6

vendor:huaweimodel:viewpoint 9030scope:eqversion:v100r011c02

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:viewpoint 8660scope:eqversion:v100r008c03

Trust: 1.6

vendor:huaweimodel:tx50scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:vp9660scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:tx50scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te60 v100r001c10scope: - version: -

Trust: 1.2

vendor:huaweimodel:te30scope:eqversion:v100r001c10

Trust: 1.0

vendor:huaweimodel:rp200scope:eqversion:v600r006c00

Trust: 1.0

vendor:huaweimodel:te30scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:te50scope:eqversion:v600r006c00

Trust: 1.0

vendor:huaweimodel:rse6500scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:te30scope:eqversion:v600r006c00

Trust: 1.0

vendor:huaweimodel:te60scope:eqversion:v100r001c01

Trust: 1.0

vendor:huaweimodel:te40scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:te30scope:eqversion:v100r001c02

Trust: 1.0

vendor:huaweimodel:dp300scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:te40scope:eqversion:v600r006c00

Trust: 1.0

vendor:huaweimodel:rp200scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:te50scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:dp300scope: - version: -

Trust: 0.8

vendor:huaweimodel:rp200scope: - version: -

Trust: 0.8

vendor:huaweimodel:rse6500scope: - version: -

Trust: 0.8

vendor:huaweimodel:te30scope: - version: -

Trust: 0.8

vendor:huaweimodel:te40scope: - version: -

Trust: 0.8

vendor:huaweimodel:te50scope: - version: -

Trust: 0.8

vendor:huaweimodel:te60scope: - version: -

Trust: 0.8

vendor:huaweimodel:tx50scope: - version: -

Trust: 0.8

vendor:huaweimodel:viewpoint 8660scope: - version: -

Trust: 0.8

vendor:huaweimodel:viewpoint 9030scope: - version: -

Trust: 0.8

vendor:huaweimodel:vp9660scope: - version: -

Trust: 0.8

vendor:huaweimodel:dp300 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r001c01scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:viewpoint v100r011c03scope:eqversion:9030

Trust: 0.6

vendor:huaweimodel:viewpoint v100r011c02scope:eqversion:9030

Trust: 0.6

vendor:huaweimodel:rp200 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rse6500 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v100r001c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:tx50 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:tx50 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:vp9660 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:vp9660 v500r002c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:viewpoint v100r008c03scope:eqversion:8660

Trust: 0.6

sources: CNVD: CNVD-2017-34224 // JVNDB: JVNDB-2017-012295 // CNNVD: CNNVD-201711-1125 // NVD: CVE-2017-15353

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-15353
value: LOW

Trust: 1.0

NVD: CVE-2017-15353
value: LOW

Trust: 0.8

CNVD: CNVD-2017-34224
value: LOW

Trust: 0.6

CNNVD: CNNVD-201711-1125
value: MEDIUM

Trust: 0.6

VULHUB: VHN-106167
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-15353
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-34224
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-106167
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-15353
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-34224 // VULHUB: VHN-106167 // JVNDB: JVNDB-2017-012295 // CNNVD: CNNVD-201711-1125 // NVD: CVE-2017-15353

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.9

sources: VULHUB: VHN-106167 // JVNDB: JVNDB-2017-012295 // NVD: CVE-2017-15353

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-1125

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201711-1125

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012295

PATCH
title:huawei-sa-20171115-01-h323url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-h323-en
Trust: 0.8
title:Patches of various Huawei products across the borderurl:https://www.cnvd.org.cn/patchInfo/show/106204
Trust: 0.6
title:Multiple Huawei Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76785
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-34224 // 
            
            
            
            JVNDB: JVNDB-2017-012295 // 
            
            
            
            CNNVD: CNNVD-201711-1125

EXTERNAL IDS
db:NVDid:CVE-2017-15353
Trust: 3.1
db:JVNDBid:JVNDB-2017-012295
Trust: 0.8
db:CNNVDid:CNNVD-201711-1125
Trust: 0.7
db:CNVDid:CNVD-2017-34224
Trust: 0.6
db:VULHUBid:VHN-106167
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-34224 // 
            
            
            
            VULHUB: VHN-106167 // 
            
            
            
            JVNDB: JVNDB-2017-012295 // 
            
            
            
            CNNVD: CNNVD-201711-1125 // 
            
            
            
            NVD: CVE-2017-15353

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-h323-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15353
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-15353
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171115-01-h323-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-34224 // 
            
            
            
            VULHUB: VHN-106167 // 
            
            
            
            JVNDB: JVNDB-2017-012295 // 
            
            
            
            CNNVD: CNNVD-201711-1125 // 
            
            
            
            NVD: CVE-2017-15353

CREDITS
Huawei internal tester
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201711-1125

SOURCES
db:CNVDid:CNVD-2017-34224
db:VULHUBid:VHN-106167
db:JVNDBid:JVNDB-2017-012295
db:CNNVDid:CNNVD-201711-1125
db:NVDid:CVE-2017-15353

LAST UPDATE DATE
2024-11-23T22:52:12.896000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-34224date:2017-11-16T00:00:00
db:VULHUBid:VHN-106167date:2018-02-22T00:00:00
db:JVNDBid:JVNDB-2017-012295date:2018-03-06T00:00:00
db:CNNVDid:CNNVD-201711-1125date:2017-11-30T00:00:00
db:NVDid:CVE-2017-15353date:2024-11-21T03:14:31.767

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-34224date:2017-11-16T00:00:00
db:VULHUBid:VHN-106167date:2018-02-15T00:00:00
db:JVNDBid:JVNDB-2017-012295date:2018-03-06T00:00:00
db:CNNVDid:CNNVD-201711-1125date:2017-11-30T00:00:00
db:NVDid:CVE-2017-15353date:2018-02-15T16:29:01.407