Sign-up

ID

VAR-201802-0546


CVE

CVE-2017-15333


TITLE

plural Huawei Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-012479

DESCRIPTION

XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DOS vulnerability. An attacker may craft specific XML files to the affected products. Due to not check the specially XML file and to parse this file, successful exploit will result in DOS attacks. plural Huawei The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiS12700 is an enterprise-class switch product from China's Huawei company. XMLparser is one of the XML parsers. The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected: Huawei S12700 V200R005C00 Version; S1700 V200R009C00 Version, V200R010C00 Version; S2300 V100R006C03 Version, V100R006C05 Version, V200R003C00 Version, V200R005C00 Version, V200R006C00 Version, V200R007C00 Version, V200R008C00 Version, V200R009C00 Version, V200R010C00 Version; S3300 V100R006C03 Version , V100R006C05 version; S3700 V100R006C03 version, V100R006C05 version; S5300, etc

Trust: 2.25

sources: NVD: CVE-2017-15333 // JVNDB: JVNDB-2017-012479 // CNVD: CNVD-2017-38223 // VULHUB: VHN-106145

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-38223

AFFECTED PRODUCTS

vendor:huaweimodel:ecns210 tdscope:eqversion:v100r004c10spc221

Trust: 1.6

vendor:huaweimodel:ecns210 tdscope:eqversion:v100r004c10spc102

Trust: 1.6

vendor:huaweimodel:s7700scope:eqversion:v200r010c00

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r006c00

Trust: 1.6

vendor:huaweimodel:ecns210 tdscope:eqversion:v100r004c10spc200

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r008c00

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r007c00

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r009c00

Trust: 1.6

vendor:huaweimodel:ecns210 tdscope:eqversion:v100r004c10spc400

Trust: 1.6

vendor:huaweimodel:ecns210 tdscope:eqversion:v100r004c10spc101

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r002c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r002c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r002c00

Trust: 1.0

vendor:huaweimodel:ecns210 tdscope:eqversion:v100r004c10spc003

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r003c00

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r001c00

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:ecns210 tdscope:eqversion:v100r004c10spc100

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r002c00

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:ecns210 tdscope:eqversion:v100r004c10

Trust: 1.0

vendor:huaweimodel:s1700scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:s1700scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r005c02

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r003c00

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r003c02

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r001c00

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r003c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r003c00

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r001c00

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r001c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ecns210 tdscope: - version: -

Trust: 0.8

vendor:huaweimodel:s12700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s1700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s3700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s5700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s6700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s7700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s9700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s5700 v200r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9300 v200r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9300 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v200r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v200r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v200r005c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r003c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9300 v200r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9300 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9300 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9300 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s3300 v100r006c05scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v100r006c03scope: - version: -

Trust: 0.6

vendor:huaweimodel:s3300 v100r006c03scope: - version: -

Trust: 0.6

vendor:huaweimodel:ecns210 td v100r004c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v100r006c05scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v200r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r003c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9300 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s1700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s1700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r005c03scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r005c05scope: - version: -

Trust: 0.6

vendor:huaweimodel:s600-e v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s600-e v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r005c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2300 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s600-e v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6300 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ecns210 td v100r004c10spc003scope: - version: -

Trust: 0.6

vendor:huaweimodel:ecns210 td v100r004c10spc100scope: - version: -

Trust: 0.6

vendor:huaweimodel:ecns210 td v100r004c10spc101scope: - version: -

Trust: 0.6

vendor:huaweimodel:ecns210 td v100r004c10spc102scope: - version: -

Trust: 0.6

vendor:huaweimodel:ecns210 td v100r004c10spc200scope: - version: -

Trust: 0.6

vendor:huaweimodel:ecns210 td v100r004c10spc221scope: - version: -

Trust: 0.6

vendor:huaweimodel:ecns210 td v100r004c10spc400scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-38223 // JVNDB: JVNDB-2017-012479 // CNNVD: CNNVD-201712-060 // NVD: CVE-2017-15333

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-15333
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-15333
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-38223
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201712-060
value: MEDIUM

Trust: 0.6

VULHUB: VHN-106145
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-15333
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-38223
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-106145
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-15333
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-38223 // VULHUB: VHN-106145 // JVNDB: JVNDB-2017-012479 // CNNVD: CNNVD-201712-060 // NVD: CVE-2017-15333

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-106145 // JVNDB: JVNDB-2017-012479 // NVD: CVE-2017-15333

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-060

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201712-060

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012479

PATCH
title:huawei-sa-20171201-01-xmlurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-xml-en
Trust: 0.8
title:Patches for various Huawei product XML parser denial of service vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/111799
Trust: 0.6
title:Multiple Huawei product XML Remediation measures for resolver security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76888
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-38223 // 
            
            
            
            JVNDB: JVNDB-2017-012479 // 
            
            
            
            CNNVD: CNNVD-201712-060

EXTERNAL IDS
db:NVDid:CVE-2017-15333
Trust: 3.1
db:JVNDBid:JVNDB-2017-012479
Trust: 0.8
db:CNNVDid:CNNVD-201712-060
Trust: 0.7
db:CNVDid:CNVD-2017-38223
Trust: 0.6
db:VULHUBid:VHN-106145
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-38223 // 
            
            
            
            VULHUB: VHN-106145 // 
            
            
            
            JVNDB: JVNDB-2017-012479 // 
            
            
            
            CNNVD: CNNVD-201712-060 // 
            
            
            
            NVD: CVE-2017-15333

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-xml-en
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15333
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-15333
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171201-01-xml-cn
Trust: 0.6
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20171201-01-xml-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-38223 // 
            
            
            
            VULHUB: VHN-106145 // 
            
            
            
            JVNDB: JVNDB-2017-012479 // 
            
            
            
            CNNVD: CNNVD-201712-060 // 
            
            
            
            NVD: CVE-2017-15333

CREDITS
Huawei internal tester, The vulnerability was discovered by Huawei internal testing.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201712-060

SOURCES
db:CNVDid:CNVD-2017-38223
db:VULHUBid:VHN-106145
db:JVNDBid:JVNDB-2017-012479
db:CNNVDid:CNNVD-201712-060
db:NVDid:CVE-2017-15333

LAST UPDATE DATE
2024-11-23T22:56:00.654000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-38223date:2017-12-27T00:00:00
db:VULHUBid:VHN-106145date:2018-02-27T00:00:00
db:JVNDBid:JVNDB-2017-012479date:2018-03-12T00:00:00
db:CNNVDid:CNNVD-201712-060date:2019-05-08T00:00:00
db:NVDid:CVE-2017-15333date:2024-11-21T03:14:29.053

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-38223date:2017-12-27T00:00:00
db:VULHUBid:VHN-106145date:2018-02-15T00:00:00
db:JVNDBid:JVNDB-2017-012479date:2018-03-12T00:00:00
db:CNNVDid:CNNVD-201712-060date:2017-12-05T00:00:00
db:NVDid:CVE-2017-15333date:2018-02-15T16:29:00.423