Details of VAR-201803-0166

ID

VAR-201803-0166

CVE

CVE-2017-17281

TITLE

plural Huawei Product out-of-bounds vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012889

DESCRIPTION

SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds read vulnerability. A remote, authenticated attacker could exploit this vulnerability by sending specially crafted messages to a target device. Successful exploit may cause some information leak. plural Huawei The product contains an out-of-bounds vulnerability.Information may be obtained. The Huawei DP300, RP200, and TE series are integrated desktop telepresence and integrated video conferencing terminal products of China Huawei. The Huawei DP300 and others are all products of China's Huawei (Huawei). DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. SFTP moudle is one of the encrypted transmission modules. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version

Trust: 2.25

sources: NVD: CVE-2017-17281 // JVNDB: JVNDB-2017-012889 // CNVD: CNVD-2018-03825 // VULHUB: VHN-108288

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-03825

AFFECTED PRODUCTS

vendor:	huawei	model:	dp300	scope:	eq	version:	v500r002c00	Trust: 2.4
vendor:	huawei	model:	rp200	scope:	eq	version:	v600r006c00	Trust: 2.4
vendor:	huawei	model:	te30	scope:	eq	version:	v100r001c10	Trust: 2.4
vendor:	huawei	model:	te30	scope:	eq	version:	v500r002c00	Trust: 2.4
vendor:	huawei	model:	te30	scope:	eq	version:	v600r006c00	Trust: 2.4
vendor:	huawei	model:	te40	scope:	eq	version:	v500r002c00	Trust: 2.4
vendor:	huawei	model:	te40	scope:	eq	version:	v600r006c00	Trust: 2.4
vendor:	huawei	model:	te50	scope:	eq	version:	v500r002c00	Trust: 2.4
vendor:	huawei	model:	te50	scope:	eq	version:	v600r006c00	Trust: 2.4
vendor:	huawei	model:	te60	scope:	eq	version:	v600r006c00	Trust: 2.4
vendor:	huawei	model:	te60	scope:	eq	version:	v100r001c10	Trust: 1.8
vendor:	huawei	model:	te60	scope:	eq	version:	v500r002c00	Trust: 1.8
vendor:	huawei	model:	dp300 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	rp200 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v600r006c00	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-03825 // JVNDB: JVNDB-2017-012889 // CNNVD: CNNVD-201803-295 // NVD: CVE-2017-17281

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-17281
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-17281
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-03825
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201803-295
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-108288
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-17281
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-03825
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-108288
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-17281
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-03825 // VULHUB: VHN-108288 // JVNDB: JVNDB-2017-012889 // CNNVD: CNNVD-201803-295 // NVD: CVE-2017-17281

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.9

sources: VULHUB: VHN-108288 // JVNDB: JVNDB-2017-012889 // NVD: CVE-2017-17281

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-295

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201803-295

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012889

PATCH

title:	huawei-sa-20180228-01-sftp	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180228-01-sftp-en	Trust: 0.8
title:	Patches for various Huawei product SFTP modules out of bounds read vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/119257	Trust: 0.6
title:	Multiple Huawei product SFTP Fixes for module buffer error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79017	Trust: 0.6

sources: CNVD: CNVD-2018-03825 // JVNDB: JVNDB-2017-012889 // CNNVD: CNNVD-201803-295

EXTERNAL IDS

db:	NVD	id:	CVE-2017-17281	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-012889	Trust: 0.8
db:	CNVD	id:	CNVD-2018-03825	Trust: 0.6
db:	CNNVD	id:	CNNVD-201803-295	Trust: 0.6
db:	VULHUB	id:	VHN-108288	Trust: 0.1

sources: CNVD: CNVD-2018-03825 // VULHUB: VHN-108288 // JVNDB: JVNDB-2017-012889 // CNNVD: CNNVD-201803-295 // NVD: CVE-2017-17281

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180228-01-sftp-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17281	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17281	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180228-01-sftp-cn	Trust: 0.6

sources: CNVD: CNVD-2018-03825 // VULHUB: VHN-108288 // JVNDB: JVNDB-2017-012889 // CNNVD: CNNVD-201803-295 // NVD: CVE-2017-17281

SOURCES

db:	CNVD	id:	CNVD-2018-03825
db:	VULHUB	id:	VHN-108288
db:	JVNDB	id:	JVNDB-2017-012889
db:	CNNVD	id:	CNNVD-201803-295
db:	NVD	id:	CVE-2017-17281

LAST UPDATE DATE

2024-11-23T22:06:58.702000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-03825	date:	2018-02-28T00:00:00
db:	VULHUB	id:	VHN-108288	date:	2018-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2017-012889	date:	2018-04-26T00:00:00
db:	CNNVD	id:	CNNVD-201803-295	date:	2018-03-13T00:00:00
db:	NVD	id:	CVE-2017-17281	date:	2024-11-21T03:17:44.583

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-03825	date:	2018-02-28T00:00:00
db:	VULHUB	id:	VHN-108288	date:	2018-03-09T00:00:00
db:	JVNDB	id:	JVNDB-2017-012889	date:	2018-04-26T00:00:00
db:	CNNVD	id:	CNNVD-201803-295	date:	2018-03-13T00:00:00
db:	NVD	id:	CVE-2017-17281	date:	2018-03-09T17:29:01.703