ID

VAR-201803-0208


CVE

CVE-2017-17330


TITLE

Huawei AR3200 and NGFW Module Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012831

DESCRIPTION

Huawei AR3200 V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 and NGFW Module V500R001C00, V500R001C20, V500R002C00 have a memory leak vulnerability. The software does not release allocated memory properly when parsing XML element data. An authenticated attacker could upload a crafted XML file; successful exploitation could exhaust memory and cause the system service to become abnormal. Huawei AR3200 and NGFW Module contain a resource management vulnerability that may result in service interruption (DoS). Huawei AR3200 and NGFW Module are products of China's Huawei. The Huawei AR3200 is an AR3200 series enterprise router product. NGFW Module is a firewall product. Multiple Huawei products are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. The following products and versions are affected: Huawei AR3200 V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30; NGFW Module V500R001C00, V500R001C20, V500R002C00.

Trust: 2.52

sources: NVD: CVE-2017-17330 // JVNDB: JVNDB-2017-012831 // CNVD: CNVD-2017-37725 // BID: 103511 // VULHUB: VHN-108342

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-37725

AFFECTED PRODUCTS

vendor: huawei | model: ngfw module | scope: eq | version: v500r002c00

Trust: 1.6

vendor: huawei | model: ar3200 | scope: eq | version: v200r008c30

Trust: 1.6

vendor: huawei | model: ar3200 | scope: eq | version: v200r007c01

Trust: 1.6

vendor: huawei | model: ar3200 | scope: eq | version: v200r008c00

Trust: 1.6

vendor: huawei | model: ar3200 | scope: eq | version: v200r007c00

Trust: 1.6

vendor: huawei | model: ar3200 | scope: eq | version: v200r008c20

Trust: 1.6

vendor: huawei | model: ar3200 | scope: eq | version: v200r007c02

Trust: 1.6

vendor: huawei | model: ar3200 | scope: eq | version: v200r008c10

Trust: 1.6

vendor: huawei | model: ngfw module | scope: eq | version: v500r001c20

Trust: 1.6

vendor: huawei | model: ngfw module | scope: eq | version: v500r001c00

Trust: 1.6

vendor: huawei | model: ar3200 | scope: eq | version: v200r006c10

Trust: 1.0

vendor: huawei | model: ar3200 | scope: eq | version: v200r006c11

Trust: 1.0

vendor: huawei | model: ar3200 | scope: eq | version: v200r005c32

Trust: 1.0

vendor: huawei | model: ngfw module v500r001c00 | scope: - | version: -

Trust: 0.9

vendor: huawei | model: ar3200 v200r007c00 | scope: - | version: -

Trust: 0.9

vendor: huawei | model: ar3200 v200r005c32 | scope: - | version: -

Trust: 0.9

vendor: huawei | model: ar3200 v200r008c20 | scope: - | version: -

Trust: 0.9

vendor: huawei | model: ar3200 v200r006c11 | scope: - | version: -

Trust: 0.9

vendor: huawei | model: ar3200 v200r007c01 | scope: - | version: -

Trust: 0.9

vendor: huawei | model: ar3200 v200r007c02 | scope: - | version: -

Trust: 0.9

vendor: huawei | model: ar3200 v200r008c00 | scope: - | version: -

Trust: 0.9

vendor: huawei | model: ar3200 v200r008c10 | scope: - | version: -

Trust: 0.9

vendor: huawei | model: ar3200 v200r008c30 | scope: - | version: -

Trust: 0.9

vendor: huawei | model: ngfw module v500r001c20 | scope: - | version: -

Trust: 0.9

vendor: huawei | model: ngfw module v500r002c00 | scope: - | version: -

Trust: 0.9

vendor: huawei | model: ar3200 | scope: - | version: -

Trust: 0.8

vendor: huawei | model: ngfw module | scope: - | version: -

Trust: 0.8

vendor: huawei | model: ar3200 v200r006c12 | scope: - | version: -

Trust: 0.6

vendor: huawei | model: ar3200 v200r006c10 | scope: - | version: -

Trust: 0.3

vendor: huawei | model: ngfw module v500r002c10spc100 | scope: ne | version: -

Trust: 0.3

vendor: huawei | model: ar3200 v200r009c00 | scope: ne | version: -

Trust: 0.3

sources: CNVD: CNVD-2017-37725 // BID: 103511 // JVNDB: JVNDB-2017-012831 // CNNVD: CNNVD-201712-684 // NVD: CVE-2017-17330

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17330
value: LOW

Trust: 1.0

NVD: CVE-2017-17330
value: LOW

Trust: 0.8

CNVD: CNVD-2017-37725
value: LOW

Trust: 0.6

CNNVD: CNNVD-201712-684
value: LOW

Trust: 0.6

VULHUB: VHN-108342
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-17330
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-37725
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108342
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17330
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-37725 // VULHUB: VHN-108342 // JVNDB: JVNDB-2017-012831 // CNNVD: CNNVD-201712-684 // NVD: CVE-2017-17330

PROBLEMTYPE DATA

problemtype:CWE-772

Trust: 1.1

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-108342 // JVNDB: JVNDB-2017-012831 // NVD: CVE-2017-17330

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201712-684

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201712-684

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012831

PATCH

title: huawei-sa-20171206-04-xml | url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-04-xml-en

Trust: 0.8

title: Patch for HuaweiAR3200 and NGFWModule memory leak vulnerabilities | url: https://www.cnvd.org.cn/patchInfo/show/111255

Trust: 0.6

title: Huawei AR3200 and NGFW Module Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77222

Trust: 0.6

sources: CNVD: CNVD-2017-37725 // JVNDB: JVNDB-2017-012831 // CNNVD: CNNVD-201712-684

EXTERNAL IDS

db: NVD | id: CVE-2017-17330

Trust: 3.4

db: JVNDB | id: JVNDB-2017-012831

Trust: 0.8

db: CNNVD | id: CNNVD-201712-684

Trust: 0.7

db: CNVD | id: CNVD-2017-37725

Trust: 0.6

db: BID | id: 103511

Trust: 0.4

db: VULHUB | id: VHN-108342

Trust: 0.1

sources: CNVD: CNVD-2017-37725 // VULHUB: VHN-108342 // BID: 103511 // JVNDB: JVNDB-2017-012831 // CNNVD: CNNVD-201712-684 // NVD: CVE-2017-17330

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-04-xml-en

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17330

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-17330

Trust: 0.8

url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171206-04-xml-cn

Trust: 0.6

url:http://www.huawei.com/en/

Trust: 0.3

sources: CNVD: CNVD-2017-37725 // VULHUB: VHN-108342 // BID: 103511 // JVNDB: JVNDB-2017-012831 // CNNVD: CNNVD-201712-684 // NVD: CVE-2017-17330

CREDITS

Huawei internal tester

Trust: 0.6

sources: CNNVD: CNNVD-201712-684

SOURCES

db: CNVD | id: CNVD-2017-37725
db: VULHUB | id: VHN-108342
db: BID | id: 103511
db: JVNDB | id: JVNDB-2017-012831
db: CNNVD | id: CNNVD-201712-684
db: NVD | id: CVE-2017-17330

LAST UPDATE DATE

2024-11-23T22:06:58.641000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2017-37725 | date: 2017-12-21T00:00:00
db: VULHUB | id: VHN-108342 | date: 2019-10-03T00:00:00
db: BID | id: 103511 | date: 2017-06-12T00:00:00
db: JVNDB | id: JVNDB-2017-012831 | date: 2018-04-20T00:00:00
db: CNNVD | id: CNNVD-201712-684 | date: 2019-10-23T00:00:00
db: NVD | id: CVE-2017-17330 | date: 2024-11-21T03:17:51.020

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2017-37725 | date: 2017-12-21T00:00:00
db: VULHUB | id: VHN-108342 | date: 2018-03-09T00:00:00
db: BID | id: 103511 | date: 2017-06-12T00:00:00
db: JVNDB | id: JVNDB-2017-012831 | date: 2018-04-20T00:00:00
db: CNNVD | id: CNNVD-201712-684 | date: 2017-12-20T00:00:00
db: NVD | id: CVE-2017-17330 | date: 2018-03-09T17:29:02.330