Details of VAR-201802-0551

ID

VAR-201802-0551

CVE

CVE-2017-15337

TITLE

plural Huawei Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012483

DESCRIPTION

The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability. An attacker would have to find a way to craft specific messages to the affected products. Due to the insufficient validation for SIP messages, successful exploit may cause services abnormal. plural Huawei The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300 and other products are all products of China Huawei. HuaweiDP300 is a video conferencing terminal device. IPSModule is an intrusion prevention module. SIPbackup is one of the SIP backup modules. The vulnerability is caused by the program failing to fully verify some of the values in the SIP message. An attacker could exploit the vulnerability by tampering with a message sent to the device to cause a service exception. The vulnerability is caused by the program's insufficient verification of some packets. The following products and versions are affected: Huawei DP300 Version; IPS Module V100R001C10 Version, V100R001C20 Version, V100R001C30 Version, V500R001C00 Version, V500R001C20 Version, V500R001C30 Version, V500R001C50 Version; NGFW Module V100R001C10 Version, V100R001C20 Version, V100R001C30 Version, V500R001C00 Version, V500R001C20 Version, V500R002C00 Version, V500R002C10 Version; NIP6300 V500R001C00 Version, V500R001C20 Version, V500R001C30 Version, V500R001C50 Version; NIP6600 V500R001C00 Version, V500R001C20 Version, V500R001C30 Version, V500R001C50 Version; NIP6800 V500R001C50 Version; RP200 V500R002C00 Version, V600R006C00 Version; SVN5600 wait

Trust: 2.25

sources: NVD: CVE-2017-15337 // JVNDB: JVNDB-2017-012483 // CNVD: CNVD-2017-37974 // VULHUB: VHN-106149

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-37974

AFFECTED PRODUCTS

vendor:	huawei	model:	viewpoint 9030	scope:	eq	version:	v100r011c03	Trust: 1.6
vendor:	huawei	model:	vp9660	scope:	eq	version:	v500r002c10	Trust: 1.6
vendor:	huawei	model:	viewpoint 9030	scope:	eq	version:	v100r011c02	Trust: 1.6
vendor:	huawei	model:	espace u1981	scope:	eq	version:	v100r001c20	Trust: 1.6
vendor:	huawei	model:	espace u1981	scope:	eq	version:	v200r003c00	Trust: 1.6
vendor:	huawei	model:	viewpoint 8660	scope:	eq	version:	v100r008c03	Trust: 1.6
vendor:	huawei	model:	espace u1981	scope:	eq	version:	v200r003c20	Trust: 1.6
vendor:	huawei	model:	vp9660	scope:	eq	version:	v500r002c00	Trust: 1.6
vendor:	huawei	model:	espace u1981	scope:	eq	version:	v200r003c30	Trust: 1.6
vendor:	huawei	model:	vp9660	scope:	eq	version:	v200r001c30	Trust: 1.6
vendor:	huawei	model:	secospace usg6300 v500r001c00	scope:	-	version:	-	Trust: 1.2
vendor:	huawei	model:	te30	scope:	eq	version:	v500r002c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r001c50	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r001c20	Trust: 1.0
vendor:	huawei	model:	usg9520	scope:	eq	version:	v300r001c01	Trust: 1.0
vendor:	huawei	model:	svn5800	scope:	eq	version:	v200r003c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v100r001c20	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c20	Trust: 1.0
vendor:	huawei	model:	ngfw module	scope:	eq	version:	v100r001c30	Trust: 1.0
vendor:	huawei	model:	rp200	scope:	eq	version:	v500r002c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c50	Trust: 1.0
vendor:	huawei	model:	ngfw module	scope:	eq	version:	v500r002c10	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v100r001c20	Trust: 1.0
vendor:	huawei	model:	ips module	scope:	eq	version:	v100r001c10	Trust: 1.0
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r001c50	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	te30	scope:	eq	version:	v100r001c10	Trust: 1.0
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r001c20	Trust: 1.0
vendor:	huawei	model:	te60	scope:	eq	version:	v500r002c00	Trust: 1.0
vendor:	huawei	model:	ips module	scope:	eq	version:	v100r001c30	Trust: 1.0
vendor:	huawei	model:	usg9580	scope:	eq	version:	v300r001c20	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c50	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	te60	scope:	eq	version:	v600r006c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c20	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v100r001c20	Trust: 1.0
vendor:	huawei	model:	ngfw module	scope:	eq	version:	v500r002c00	Trust: 1.0
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	te30	scope:	eq	version:	v100r001c02	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v100r001c10	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v100r001c30	Trust: 1.0
vendor:	huawei	model:	ips module	scope:	eq	version:	v500r001c50	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v100r001c10	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v100r001c00	Trust: 1.0
vendor:	huawei	model:	svn5600	scope:	eq	version:	v200r003c10	Trust: 1.0
vendor:	huawei	model:	te50	scope:	eq	version:	v500r002c00	Trust: 1.0
vendor:	huawei	model:	te60	scope:	eq	version:	v100r001c10	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	ips module	scope:	eq	version:	v500r001c20	Trust: 1.0
vendor:	huawei	model:	vp9660	scope:	eq	version:	v200r001c02	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v100r001c30	Trust: 1.0
vendor:	huawei	model:	te50	scope:	eq	version:	v600r006c00	Trust: 1.0
vendor:	huawei	model:	te30	scope:	eq	version:	v600r006c00	Trust: 1.0
vendor:	huawei	model:	ngfw module	scope:	eq	version:	v100r001c10	Trust: 1.0
vendor:	huawei	model:	ips module	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	ips module	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	svn5600	scope:	eq	version:	v200r003c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c50	Trust: 1.0
vendor:	huawei	model:	nip6800	scope:	eq	version:	v500r001c50	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c20	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v100r001c30	Trust: 1.0
vendor:	huawei	model:	svn5800-c	scope:	eq	version:	v200r003c10	Trust: 1.0
vendor:	huawei	model:	usg9560	scope:	eq	version:	v300r001c20	Trust: 1.0
vendor:	huawei	model:	dp300	scope:	eq	version:	v500r002c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c20	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	rp200	scope:	eq	version:	v600r006c0	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	semg9811	scope:	eq	version:	v300r001c01	Trust: 1.0
vendor:	huawei	model:	svn5800-c	scope:	eq	version:	v200r003c00	Trust: 1.0
vendor:	huawei	model:	te60	scope:	eq	version:	v100r001c01	Trust: 1.0
vendor:	huawei	model:	ngfw module	scope:	eq	version:	v100r001c20	Trust: 1.0
vendor:	huawei	model:	ngfw module	scope:	eq	version:	v500r001c20	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	te40	scope:	eq	version:	v500r002c00	Trust: 1.0
vendor:	huawei	model:	usg9560	scope:	eq	version:	v300r001c01	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	te40	scope:	eq	version:	v600r006c00	Trust: 1.0
vendor:	huawei	model:	usg9580	scope:	eq	version:	v300r001c01	Trust: 1.0
vendor:	huawei	model:	ips module	scope:	eq	version:	v100r001c20	Trust: 1.0
vendor:	huawei	model:	svn5800	scope:	eq	version:	v200r003c10	Trust: 1.0
vendor:	huawei	model:	usg9520	scope:	eq	version:	v300r001c20	Trust: 1.0
vendor:	huawei	model:	ngfw module	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	dp300	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	espace u1981	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ips module	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ngfw module	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	nip6300	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	nip6600	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	nip6800	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	rp200	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	secospace usg6300	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	secospace usg6500	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	secospace usg6600	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	semg9811	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	svn5600	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	svn5800	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	svn5800-c	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	te30	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	te40	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	te50	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	te60	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	usg9500	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	usg9520	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	usg9560	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	usg9580	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	viewpoint 8660	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	viewpoint 9030	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	vp9660	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	vp9660 v200r001c02	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	vp9660 v200r001c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ips module v500r001c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ngfw module v500r001c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	nip6300 v500r001c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	nip6600 v500r001c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6500 v500r001c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6600 v500r001c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	usg9520 v300r001c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	usg9560 v300r001c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	usg9580 v300r001c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	espace u1981 v200r003c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	espace u1981 v200r003c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	dp300 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v100r001c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	espace u1981 v200r003c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	espace u1981 v100r001c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	viewpoint v100r011c03	scope:	eq	version:	9030	Trust: 0.6
vendor:	huawei	model:	viewpoint v100r011c02	scope:	eq	version:	9030	Trust: 0.6
vendor:	huawei	model:	rp200 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	rp200 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v100r001c02	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	vp9660 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	vp9660 v500r002c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	viewpoint v100r008c03	scope:	eq	version:	8660	Trust: 0.6
vendor:	huawei	model:	ips module v100r001c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ips module v100r001c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ips module v500r001c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ips module v500r001c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ips module v500r001c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ngfw module v100r001c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ngfw module v100r001c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ngfw module v500r001c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ngfw module v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ngfw module v500r002c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	nip6300 v500r001c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	nip6300 v500r001c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	nip6300 v500r001c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	nip6600 v500r001c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	nip6600 v500r001c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	nip6600 v500r001c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	nip6800 v500r001c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	svn5600 v200r003c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	svn5600 v200r003c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	svn5800-c v200r003c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	svn5800-c v200r003c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	svn5800 v200r003c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	svn5800 v200r003c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	semg9811 v300r001c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6300 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6300 v100r001c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6300 v100r001c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6300 v500r001c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6300 v500r001c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6300 v500r001c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6500 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6500 v100r001c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6500 v100r001c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6500 v500r001c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6500 v500r001c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6500 v500r001c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	usg9500 v500r001c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	usg9500 v500r001c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	usg9500 v500r001c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	usg9520 v300r001c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	usg9560 v300r001c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	usg9580 v300r001c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6600 v500r001c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6600 v500r001c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6600 v500r001c50	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ips module v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ngfw module v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6600 v100r001c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6600 v100r001c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6600 v100r001c30	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-37974 // JVNDB: JVNDB-2017-012483 // CNNVD: CNNVD-201712-067 // NVD: CVE-2017-15337

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-15337
value:	LOW
Trust: 1.0
NVD:	CVE-2017-15337
value:	LOW
Trust: 0.8
CNVD:	CNVD-2017-37974
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201712-067
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-106149
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-15337
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-37974
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-106149
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-15337
baseSeverity:	LOW
baseScore:	3.7
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	2.2
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-37974 // VULHUB: VHN-106149 // JVNDB: JVNDB-2017-012483 // CNNVD: CNNVD-201712-067 // NVD: CVE-2017-15337

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-106149 // JVNDB: JVNDB-2017-012483 // NVD: CVE-2017-15337

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-067

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201712-067

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012483

PATCH

title:	huawei-sa-20171201-01-sip	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en	Trust: 0.8
title:	Patch for multiple Huawei product SIP backup module buffer overflow vulnerability (CNVD-2017-37974)	url:	https://www.cnvd.org.cn/patchInfo/show/111631	Trust: 0.6
title:	Multiple Huawei product SIP Backup module buffer error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76895	Trust: 0.6

sources: CNVD: CNVD-2017-37974 // JVNDB: JVNDB-2017-012483 // CNNVD: CNNVD-201712-067

EXTERNAL IDS

db:	NVD	id:	CVE-2017-15337	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-012483	Trust: 0.8
db:	CNNVD	id:	CNNVD-201712-067	Trust: 0.7
db:	CNVD	id:	CNVD-2017-37974	Trust: 0.6
db:	VULHUB	id:	VHN-106149	Trust: 0.1

sources: CNVD: CNVD-2017-37974 // VULHUB: VHN-106149 // JVNDB: JVNDB-2017-012483 // CNNVD: CNNVD-201712-067 // NVD: CVE-2017-15337

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15337	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-15337	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171201-01-sip-cn	Trust: 0.6

sources: CNVD: CNVD-2017-37974 // VULHUB: VHN-106149 // JVNDB: JVNDB-2017-012483 // CNNVD: CNNVD-201712-067 // NVD: CVE-2017-15337

CREDITS

Huawei internal tester

Trust: 0.6

sources: CNNVD: CNNVD-201712-067

SOURCES

db:	CNVD	id:	CNVD-2017-37974
db:	VULHUB	id:	VHN-106149
db:	JVNDB	id:	JVNDB-2017-012483
db:	CNNVD	id:	CNNVD-201712-067
db:	NVD	id:	CVE-2017-15337

LAST UPDATE DATE

2024-11-23T21:53:23.200000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-37974	date:	2017-12-25T00:00:00
db:	VULHUB	id:	VHN-106149	date:	2018-02-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-012483	date:	2018-03-12T00:00:00
db:	CNNVD	id:	CNNVD-201712-067	date:	2017-12-05T00:00:00
db:	NVD	id:	CVE-2017-15337	date:	2024-11-21T03:14:29.633

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-37974	date:	2017-12-25T00:00:00
db:	VULHUB	id:	VHN-106149	date:	2018-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-012483	date:	2018-03-12T00:00:00
db:	CNNVD	id:	CNNVD-201712-067	date:	2017-12-05T00:00:00
db:	NVD	id:	CVE-2017-15337	date:	2018-02-15T16:29:00.610