ID

VAR-201802-0535


CVE

CVE-2017-15354


TITLE

plural Huawei Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012296

DESCRIPTION

Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00,V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00,V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50,V500R002C00, V600R006C00 have a buffer overflow vulnerability. An attacker may send specially crafted HTTP messages to the affected products. Due insufficient input validation of three different parameters in the messages, successful exploit may cause some service abnormal. plural Huawei The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300, RP200, TE series and TX50 are Huawei's integrated desktop telepresence products and high-definition video conferencing terminal products for high-end customers. A buffer overflow vulnerability exists in several Huawei products because the device failed to adequately verify the parameters in the message. The exploit exploited this vulnerability through a carefully constructed HTTP message to cause some service exceptions. The Huawei DP300 and others are all products of China's Huawei (Huawei). DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TX50 V500R002C00 version, V600R006C00 version

Trust: 2.25

sources: NVD: CVE-2017-15354 // JVNDB: JVNDB-2017-012296 // CNVD: CNVD-2017-34414 // VULHUB: VHN-106168

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-34414

AFFECTED PRODUCTS

vendor:huaweimodel:te40scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te50scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v100r001c10

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:tx50scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te40scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te50scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:tx50scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v100r001c10

Trust: 1.0

vendor:huaweimodel:rp200scope:eqversion:v600r006c00

Trust: 1.0

vendor:huaweimodel:dp300scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:te30scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:dp300scope: - version: -

Trust: 0.8

vendor:huaweimodel:rp200scope: - version: -

Trust: 0.8

vendor:huaweimodel:te30scope: - version: -

Trust: 0.8

vendor:huaweimodel:te40scope: - version: -

Trust: 0.8

vendor:huaweimodel:te50scope: - version: -

Trust: 0.8

vendor:huaweimodel:te60scope: - version: -

Trust: 0.8

vendor:huaweimodel:tx50scope: - version: -

Trust: 0.8

vendor:huaweimodel:dp300 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:tx50 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:tx50 v600r006c00scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-34414 // JVNDB: JVNDB-2017-012296 // CNNVD: CNNVD-201802-460 // NVD: CVE-2017-15354

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-15354
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-15354
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-34414
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201802-460
value: MEDIUM

Trust: 0.6

VULHUB: VHN-106168
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-15354
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-34414
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-106168
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-15354
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-34414 // VULHUB: VHN-106168 // JVNDB: JVNDB-2017-012296 // CNNVD: CNNVD-201802-460 // NVD: CVE-2017-15354

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-106168 // JVNDB: JVNDB-2017-012296 // NVD: CVE-2017-15354

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-460

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201802-460

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:huawei:dp300_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:huawei:rp200_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:huawei:te30_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:huawei:te40_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:huawei:te50_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:huawei:te60_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:huawei:tx50_firmware"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2017-012296

PATCH

title:huawei-sa-20171108-02-httpurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-02-http-en

Trust: 0.8

title:Patch for multiple Huawei product buffer overflow vulnerabilities (CNVD-2017-34414)url:https://www.cnvd.org.cn/patchInfo/show/106297

Trust: 0.6

title:Multiple Huawei Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78539

Trust: 0.6

sources: CNVD: CNVD-2017-34414 // JVNDB: JVNDB-2017-012296 // CNNVD: CNNVD-201802-460

EXTERNAL IDS

db:NVDid:CVE-2017-15354

Trust: 3.1

db:JVNDBid:JVNDB-2017-012296

Trust: 0.8

db:CNNVDid:CNNVD-201802-460

Trust: 0.7

db:CNVDid:CNVD-2017-34414

Trust: 0.6

db:VULHUBid:VHN-106168

Trust: 0.1

sources: CNVD: CNVD-2017-34414 // VULHUB: VHN-106168 // JVNDB: JVNDB-2017-012296 // CNNVD: CNNVD-201802-460 // NVD: CVE-2017-15354

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-02-http-en

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15354

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-15354

Trust: 0.8

url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171108-02-http-cn

Trust: 0.6

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-02- link :http-en

Trust: 0.6

sources: CNVD: CNVD-2017-34414 // VULHUB: VHN-106168 // JVNDB: JVNDB-2017-012296 // CNNVD: CNNVD-201802-460 // NVD: CVE-2017-15354

SOURCES

db:CNVDid:CNVD-2017-34414
db:VULHUBid:VHN-106168
db:JVNDBid:JVNDB-2017-012296
db:CNNVDid:CNNVD-201802-460
db:NVDid:CVE-2017-15354

LAST UPDATE DATE

2024-11-23T22:17:39.518000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-34414date:2017-11-17T00:00:00
db:VULHUBid:VHN-106168date:2018-02-22T00:00:00
db:JVNDBid:JVNDB-2017-012296date:2018-03-06T00:00:00
db:CNNVDid:CNNVD-201802-460date:2018-02-23T00:00:00
db:NVDid:CVE-2017-15354date:2024-11-21T03:14:31.903

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-34414date:2017-11-17T00:00:00
db:VULHUBid:VHN-106168date:2018-02-15T00:00:00
db:JVNDBid:JVNDB-2017-012296date:2018-03-06T00:00:00
db:CNNVDid:CNNVD-201802-460date:2018-02-23T00:00:00
db:NVDid:CVE-2017-15354date:2018-02-15T16:29:01.453