Sign-up

ID

VAR-201803-0207


CVE

CVE-2017-17329


TITLE

Huawei ViewPoint 8660 Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012888

DESCRIPTION

Huawei ViewPoint 8660 V100R008C03 have a memory leak vulnerability. The software does not release allocated memory properly when parse XML Schema data. An authenticated attacker could upload a crafted XML file, successful exploit could cause the system service abnormal since run out of memory. Huawei ViewPoint 8660 Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiViewPoint8660 is a multipoint control unit for a conference TV system from China's Huawei company. Mutiple Huawei Products are prone to local denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition

Trust: 2.52

sources: NVD: CVE-2017-17329 // JVNDB: JVNDB-2017-012888 // CNVD: CNVD-2018-00319 // BID: 103449 // VULHUB: VHN-108340

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-00319

AFFECTED PRODUCTS

vendor:huaweimodel:viewpoint 8660scope:eqversion:v100r008c03

Trust: 2.4

vendor:huaweimodel:viewpoint v100r008c03scope:eqversion:8660

Trust: 0.9

vendor:huaweimodel:viewpoint v100r008c03spcc00scope:neversion:8660

Trust: 0.3

sources: CNVD: CNVD-2018-00319 // BID: 103449 // JVNDB: JVNDB-2017-012888 // CNNVD: CNNVD-201712-685 // NVD: CVE-2017-17329

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17329
value: LOW

Trust: 1.0

NVD: CVE-2017-17329
value: LOW

Trust: 0.8

CNVD: CNVD-2018-00319
value: LOW

Trust: 0.6

CNNVD: CNNVD-201712-685
value: LOW

Trust: 0.6

VULHUB: VHN-108340
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-17329
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-00319
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108340
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17329
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-00319 // VULHUB: VHN-108340 // JVNDB: JVNDB-2017-012888 // CNNVD: CNNVD-201712-685 // NVD: CVE-2017-17329

PROBLEMTYPE DATA

problemtype:CWE-772

Trust: 1.1

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-108340 // JVNDB: JVNDB-2017-012888 // NVD: CVE-2017-17329

THREAT TYPE

local

Trust: 0.9

sources: BID: 103449 // CNNVD: CNNVD-201712-685

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201712-685

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012888

PATCH
title:Security Advisory - Memory Leak Vulnerability in Several Huawei Productsurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-03-xml-en
Trust: 0.8
title:HuaweiViewPoint8660 memory leak vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/112701
Trust: 0.6
title:Huawei ViewPoint 8660 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77223
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-00319 // 
            
            
            
            JVNDB: JVNDB-2017-012888 // 
            
            
            
            CNNVD: CNNVD-201712-685

EXTERNAL IDS
db:NVDid:CVE-2017-17329
Trust: 3.4
db:JVNDBid:JVNDB-2017-012888
Trust: 0.8
db:CNNVDid:CNNVD-201712-685
Trust: 0.7
db:CNVDid:CNVD-2018-00319
Trust: 0.6
db:BIDid:103449
Trust: 0.4
db:VULHUBid:VHN-108340
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-00319 // 
            
            
            
            VULHUB: VHN-108340 // 
            
            
            
            BID: 103449 // 
            
            
            
            JVNDB: JVNDB-2017-012888 // 
            
            
            
            CNNVD: CNNVD-201712-685 // 
            
            
            
            NVD: CVE-2017-17329

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-03-xml-en
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17329
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17329
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20171206-03-xml-cn
Trust: 0.6
url:http://www.huawei.com/en/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-00319 // 
            
            
            
            VULHUB: VHN-108340 // 
            
            
            
            BID: 103449 // 
            
            
            
            JVNDB: JVNDB-2017-012888 // 
            
            
            
            CNNVD: CNNVD-201712-685 // 
            
            
            
            NVD: CVE-2017-17329

CREDITS
Huawei internal tester
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201712-685

SOURCES
db:CNVDid:CNVD-2018-00319
db:VULHUBid:VHN-108340
db:BIDid:103449
db:JVNDBid:JVNDB-2017-012888
db:CNNVDid:CNNVD-201712-685
db:NVDid:CVE-2017-17329

LAST UPDATE DATE
2024-11-23T22:52:11.842000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-00319date:2018-01-05T00:00:00
db:VULHUBid:VHN-108340date:2019-10-03T00:00:00
db:BIDid:103449date:2017-12-06T00:00:00
db:JVNDBid:JVNDB-2017-012888date:2018-04-26T00:00:00
db:CNNVDid:CNNVD-201712-685date:2019-10-23T00:00:00
db:NVDid:CVE-2017-17329date:2024-11-21T03:17:50.907

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-00319date:2018-01-05T00:00:00
db:VULHUBid:VHN-108340date:2018-03-09T00:00:00
db:BIDid:103449date:2017-12-06T00:00:00
db:JVNDBid:JVNDB-2017-012888date:2018-04-26T00:00:00
db:CNNVDid:CNNVD-201712-685date:2017-12-20T00:00:00
db:NVDid:CVE-2017-17329date:2018-03-09T17:29:02.283