Details of VAR-201802-0543

ID

VAR-201802-0543

CVE

CVE-2017-15344

TITLE

Huawei AR3200 Software integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012321

DESCRIPTION

Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. The software does not sufficiently validate certain field in SCTP messages, a remote unauthenticated attacker could send a crafted SCTP message to the device. Successful exploit could cause system reboot. The Huawei AR3200 series enterprise router is a new generation network product launched by Huawei. The attacker successfully sends the vulnerability to the system by sending a special SCTP packet to the device. The following versions are affected: Huawei AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, and V230R008C

Trust: 2.25

sources: NVD: CVE-2017-15344 // JVNDB: JVNDB-2017-012321 // CNVD: CNVD-2017-35596 // VULHUB: VHN-106157

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-35596

AFFECTED PRODUCTS

vendor:	huawei	model:	ar120-s	scope:	eq	version:	v200r007c00	Trust: 1.6
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r006c11	Trust: 1.6
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r008c00	Trust: 1.6
vendor:	huawei	model:	ar120-s	scope:	eq	version:	v200r008c20	Trust: 1.6
vendor:	huawei	model:	ar120-s	scope:	eq	version:	v200r006c10	Trust: 1.6
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r007c01	Trust: 1.6
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r008c10	Trust: 1.6
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r007c02	Trust: 1.6
vendor:	huawei	model:	ar120-s	scope:	eq	version:	v200r008c30	Trust: 1.6
vendor:	huawei	model:	ar120-s	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar1200	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar3200	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar3200 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r006c11	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r007c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r007c02	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r008c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r008c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r008c30	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-35596 // JVNDB: JVNDB-2017-012321 // CNNVD: CNNVD-201711-1147 // NVD: CVE-2017-15344

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-15344
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-15344
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-35596
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201711-1147
value:	HIGH
Trust: 0.6
VULHUB:	VHN-106157
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-15344
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-35596
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-106157
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-15344
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-35596 // VULHUB: VHN-106157 // JVNDB: JVNDB-2017-012321 // CNNVD: CNNVD-201711-1147 // NVD: CVE-2017-15344

PROBLEMTYPE DATA

problemtype:

CWE-190

Trust: 1.9

sources: VULHUB: VHN-106157 // JVNDB: JVNDB-2017-012321 // NVD: CVE-2017-15344

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-1147

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201711-1147

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012321

PATCH

title:	huawei-sa-20171129-02-sctp	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-02-sctp-en	Trust: 0.8
title:	HuaweiAR3200 Buffer Overflow Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/107409	Trust: 0.6
title:	Huawei AR3200 Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76802	Trust: 0.6

sources: CNVD: CNVD-2017-35596 // JVNDB: JVNDB-2017-012321 // CNNVD: CNNVD-201711-1147

EXTERNAL IDS

db:	NVD	id:	CVE-2017-15344	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-012321	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-1147	Trust: 0.7
db:	CNVD	id:	CNVD-2017-35596	Trust: 0.6
db:	VULHUB	id:	VHN-106157	Trust: 0.1

sources: CNVD: CNVD-2017-35596 // VULHUB: VHN-106157 // JVNDB: JVNDB-2017-012321 // CNNVD: CNNVD-201711-1147 // NVD: CVE-2017-15344

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-02-sctp-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15344	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-15344	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171129-02-sctp-cn	Trust: 0.6

sources: CNVD: CNVD-2017-35596 // VULHUB: VHN-106157 // JVNDB: JVNDB-2017-012321 // CNNVD: CNNVD-201711-1147 // NVD: CVE-2017-15344

CREDITS

Huawei internal tester

Trust: 0.6

sources: CNNVD: CNNVD-201711-1147

SOURCES

db:	CNVD	id:	CNVD-2017-35596
db:	VULHUB	id:	VHN-106157
db:	JVNDB	id:	JVNDB-2017-012321
db:	CNNVD	id:	CNNVD-201711-1147
db:	NVD	id:	CVE-2017-15344

LAST UPDATE DATE

2024-11-23T22:34:24.149000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-35596	date:	2017-11-30T00:00:00
db:	VULHUB	id:	VHN-106157	date:	2018-02-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-012321	date:	2018-03-07T00:00:00
db:	CNNVD	id:	CNNVD-201711-1147	date:	2017-11-30T00:00:00
db:	NVD	id:	CVE-2017-15344	date:	2024-11-21T03:14:30.543

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-35596	date:	2017-11-30T00:00:00
db:	VULHUB	id:	VHN-106157	date:	2018-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-012321	date:	2018-03-07T00:00:00
db:	CNNVD	id:	CNNVD-201711-1147	date:	2017-11-30T00:00:00
db:	NVD	id:	CVE-2017-15344	date:	2018-02-15T16:29:00.953