Sign-up

ID

VAR-201803-1032


CVE

CVE-2017-17216


TITLE

plural Huawei Product out-of-bounds vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012812

DESCRIPTION

Media Gateway Control Protocol (MGCP) in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may cause process reboot. plural Huawei The product contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Huawei DP300, RP200, and TE series are integrated desktop telepresence and integrated video conferencing terminal products of China Huawei. The vulnerability is due to the program failing to fully verify the message. The Huawei DP300 and others are all products of China's Huawei (Huawei). DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00SPC200 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, Version V600R006C00

Trust: 2.25

sources: NVD: CVE-2017-17216 // JVNDB: JVNDB-2017-012812 // CNVD: CNVD-2018-02546 // VULHUB: VHN-108216

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-02546

AFFECTED PRODUCTS

vendor:huaweimodel:te40scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te50scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v100r001c10

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v100r001c10

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te40scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te50scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:rp200scope:eqversion:v600r006c00

Trust: 1.0

vendor:huaweimodel:rp200scope:eqversion:v500r002c00spc200

Trust: 1.0

vendor:huaweimodel:dp300scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:dp300scope: - version: -

Trust: 0.8

vendor:huaweimodel:rp200scope: - version: -

Trust: 0.8

vendor:huaweimodel:te30scope: - version: -

Trust: 0.8

vendor:huaweimodel:te40scope: - version: -

Trust: 0.8

vendor:huaweimodel:te50scope: - version: -

Trust: 0.8

vendor:huaweimodel:te60scope: - version: -

Trust: 0.8

vendor:huaweimodel:dp300 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v500r002c00spc200scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-02546 // JVNDB: JVNDB-2017-012812 // CNNVD: CNNVD-201803-309 // NVD: CVE-2017-17216

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17216
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17216
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-02546
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201803-309
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108216
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17216
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-02546
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108216
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17216
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-02546 // VULHUB: VHN-108216 // JVNDB: JVNDB-2017-012812 // CNNVD: CNNVD-201803-309 // NVD: CVE-2017-17216

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.9

sources: VULHUB: VHN-108216 // JVNDB: JVNDB-2017-012812 // NVD: CVE-2017-17216

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-309

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201803-309

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012812

PATCH
title:huawei-sa-20180124-01-mgcpurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-mgcp-en
Trust: 0.8
title:A variety of Huawei products MGCP protocol cross-border read vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/115281
Trust: 0.6
title:Multiple Huawei product Media Gateway Control Protocol Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79031
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-02546 // 
            
            
            
            JVNDB: JVNDB-2017-012812 // 
            
            
            
            CNNVD: CNNVD-201803-309

EXTERNAL IDS
db:NVDid:CVE-2017-17216
Trust: 3.1
db:JVNDBid:JVNDB-2017-012812
Trust: 0.8
db:CNVDid:CNVD-2018-02546
Trust: 0.6
db:CNNVDid:CNNVD-201803-309
Trust: 0.6
db:VULHUBid:VHN-108216
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-02546 // 
            
            
            
            VULHUB: VHN-108216 // 
            
            
            
            JVNDB: JVNDB-2017-012812 // 
            
            
            
            CNNVD: CNNVD-201803-309 // 
            
            
            
            NVD: CVE-2017-17216

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-mgcp-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17216
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17216
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180124-01-mgcp-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-02546 // 
            
            
            
            VULHUB: VHN-108216 // 
            
            
            
            JVNDB: JVNDB-2017-012812 // 
            
            
            
            CNNVD: CNNVD-201803-309 // 
            
            
            
            NVD: CVE-2017-17216

SOURCES
db:CNVDid:CNVD-2018-02546
db:VULHUBid:VHN-108216
db:JVNDBid:JVNDB-2017-012812
db:CNNVDid:CNNVD-201803-309
db:NVDid:CVE-2017-17216

LAST UPDATE DATE
2024-11-23T22:41:57.799000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-02546date:2018-02-05T00:00:00
db:VULHUBid:VHN-108216date:2018-03-26T00:00:00
db:JVNDBid:JVNDB-2017-012812date:2018-04-19T00:00:00
db:CNNVDid:CNNVD-201803-309date:2018-03-13T00:00:00
db:NVDid:CVE-2017-17216date:2024-11-21T03:17:40.853

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-02546date:2018-02-01T00:00:00
db:VULHUBid:VHN-108216date:2018-03-09T00:00:00
db:JVNDBid:JVNDB-2017-012812date:2018-04-19T00:00:00
db:CNNVDid:CNNVD-201803-309date:2018-03-13T00:00:00
db:NVDid:CVE-2017-17216date:2018-03-09T17:29:01