Details of VAR-201802-0542

ID

VAR-201802-0542

CVE

CVE-2017-15343

TITLE

Huawei AR3200 Software integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012320

DESCRIPTION

Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. The software does not sufficiently validate certain field in SCTP messages, a remote unauthenticated attacker could send a crafted SCTP message to the device. Successful exploit could system reboot. The Huawei AR3200 series enterprise router is a new generation network product launched by Huawei. The attacker successfully sends the vulnerability to the system by sending a special SCTP packet to the device. The following versions are affected: Huawei AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, and V230R008C

Trust: 2.34

sources: NVD: CVE-2017-15343 // JVNDB: JVNDB-2017-012320 // CNVD: CNVD-2017-35594 // VULHUB: VHN-106156 // VULMON: CVE-2017-15343

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-35594

AFFECTED PRODUCTS

vendor:	huawei	model:	ar120-s	scope:	eq	version:	v200r007c00	Trust: 1.6
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r006c11	Trust: 1.6
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r008c00	Trust: 1.6
vendor:	huawei	model:	ar120-s	scope:	eq	version:	v200r008c20	Trust: 1.6
vendor:	huawei	model:	ar120-s	scope:	eq	version:	v200r006c10	Trust: 1.6
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r007c01	Trust: 1.6
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r008c10	Trust: 1.6
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r007c02	Trust: 1.6
vendor:	huawei	model:	ar120-s	scope:	eq	version:	v200r008c30	Trust: 1.6
vendor:	huawei	model:	ar120-s	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar1200	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar3200	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar3200 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r006c11	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r007c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r007c02	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r008c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r008c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r008c30	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-35594 // JVNDB: JVNDB-2017-012320 // CNNVD: CNNVD-201802-462 // NVD: CVE-2017-15343

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-15343
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-15343
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-35594
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201802-462
value:	HIGH
Trust: 0.6
VULHUB:	VHN-106156
value:	HIGH
Trust: 0.1
VULMON:	CVE-2017-15343
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-15343
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-35594
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-106156
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-15343
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-35594 // VULHUB: VHN-106156 // VULMON: CVE-2017-15343 // JVNDB: JVNDB-2017-012320 // CNNVD: CNNVD-201802-462 // NVD: CVE-2017-15343

PROBLEMTYPE DATA

problemtype:

CWE-190

Trust: 1.9

sources: VULHUB: VHN-106156 // JVNDB: JVNDB-2017-012320 // NVD: CVE-2017-15343

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-462

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201802-462

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012320

PATCH

title:	huawei-sa-20171129-01-sctp	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-sctp-en	Trust: 0.8
title:	HuaweiAR3200 Patch for Integer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/107401	Trust: 0.6
title:	Huawei AR3200 Fixes for digital error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78541	Trust: 0.6

sources: CNVD: CNVD-2017-35594 // JVNDB: JVNDB-2017-012320 // CNNVD: CNNVD-201802-462

EXTERNAL IDS

db:	NVD	id:	CVE-2017-15343	Trust: 3.2
db:	JVNDB	id:	JVNDB-2017-012320	Trust: 0.8
db:	CNNVD	id:	CNNVD-201802-462	Trust: 0.7
db:	CNVD	id:	CNVD-2017-35594	Trust: 0.6
db:	VULHUB	id:	VHN-106156	Trust: 0.1
db:	VULMON	id:	CVE-2017-15343	Trust: 0.1

sources: CNVD: CNVD-2017-35594 // VULHUB: VHN-106156 // VULMON: CVE-2017-15343 // JVNDB: JVNDB-2017-012320 // CNNVD: CNNVD-201802-462 // NVD: CVE-2017-15343

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-sctp-en	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15343	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-15343	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171129-01-sctp-cn	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/190.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2017-35594 // VULHUB: VHN-106156 // VULMON: CVE-2017-15343 // JVNDB: JVNDB-2017-012320 // CNNVD: CNNVD-201802-462 // NVD: CVE-2017-15343

SOURCES

db:	CNVD	id:	CNVD-2017-35594
db:	VULHUB	id:	VHN-106156
db:	VULMON	id:	CVE-2017-15343
db:	JVNDB	id:	JVNDB-2017-012320
db:	CNNVD	id:	CNNVD-201802-462
db:	NVD	id:	CVE-2017-15343

LAST UPDATE DATE

2024-11-23T22:22:13.564000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-35594	date:	2017-11-30T00:00:00
db:	VULHUB	id:	VHN-106156	date:	2018-02-22T00:00:00
db:	VULMON	id:	CVE-2017-15343	date:	2018-02-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-012320	date:	2018-03-07T00:00:00
db:	CNNVD	id:	CNNVD-201802-462	date:	2018-02-23T00:00:00
db:	NVD	id:	CVE-2017-15343	date:	2024-11-21T03:14:30.420

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-35594	date:	2017-11-30T00:00:00
db:	VULHUB	id:	VHN-106156	date:	2018-02-15T00:00:00
db:	VULMON	id:	CVE-2017-15343	date:	2018-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-012320	date:	2018-03-07T00:00:00
db:	CNNVD	id:	CNNVD-201802-462	date:	2018-02-23T00:00:00
db:	NVD	id:	CVE-2017-15343	date:	2018-02-15T16:29:00.907