ID

VAR-201803-1033


CVE

CVE-2017-17217


TITLE

Out-of-bounds write vulnerability in multiple Huawei products

Trust: 0.8

sources: JVNDB: JVNDB-2017-012813

DESCRIPTION

Media Gateway Control Protocol (MGCP) in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 has an out-of-bounds write vulnerability. An unauthenticated, remote attacker can send malformed packets with a specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service. Multiple Huawei products contain an out-of-bounds write vulnerability that may result in a service interruption (DoS). The Huawei DP300, RP200, and TE series are integrated desktop telepresence and integrated video conferencing terminal products from Huawei of China. The DP300 is a video conferencing terminal, and the RP200 is a video conferencing all-in-one device. The MGCP implementation in these products has an out-of-bounds write vulnerability because the program fails to fully validate messages.

Trust: 2.25

sources: NVD: CVE-2017-17217 // JVNDB: JVNDB-2017-012813 // CNVD: CNVD-2018-02547 // VULHUB: VHN-108217

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-02547

AFFECTED PRODUCTS

vendor: huawei, model: te40, scope: eq, version: v600r006c00

Trust: 1.6

vendor: huawei, model: te50, scope: eq, version: v500r002c00

Trust: 1.6

vendor: huawei, model: te30, scope: eq, version: v100r001c10

Trust: 1.6

vendor: huawei, model: te60, scope: eq, version: v100r001c10

Trust: 1.6

vendor: huawei, model: te60, scope: eq, version: v500r002c00

Trust: 1.6

vendor: huawei, model: te30, scope: eq, version: v500r002c00

Trust: 1.6

vendor: huawei, model: te40, scope: eq, version: v500r002c00

Trust: 1.6

vendor: huawei, model: te50, scope: eq, version: v600r006c00

Trust: 1.6

vendor: huawei, model: te60, scope: eq, version: v600r006c00

Trust: 1.6

vendor: huawei, model: te30, scope: eq, version: v600r006c00

Trust: 1.6

vendor: huawei, model: rp200, scope: eq, version: v600r006c00

Trust: 1.0

vendor: huawei, model: rp200, scope: eq, version: v500r002c00spc200

Trust: 1.0

vendor: huawei, model: dp300, scope: eq, version: v500r002c00

Trust: 1.0

vendor: huawei, model: dp300, scope: -, version: -

Trust: 0.8

vendor: huawei, model: rp200, scope: -, version: -

Trust: 0.8

vendor: huawei, model: te30, scope: -, version: -

Trust: 0.8

vendor: huawei, model: te40, scope: -, version: -

Trust: 0.8

vendor: huawei, model: te50, scope: -, version: -

Trust: 0.8

vendor: huawei, model: te60, scope: -, version: -

Trust: 0.8

vendor: huawei, model: dp300 v500r002c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te60 v100r001c10, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te60 v500r002c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te60 v600r006c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: rp200 v600r006c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te30 v100r001c10, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te30 v500r002c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te30 v600r006c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te40 v500r002c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te40 v600r006c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te50 v500r002c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te50 v600r006c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: rp200 v500r002c00spc200, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2018-02547 // JVNDB: JVNDB-2017-012813 // CNNVD: CNNVD-201803-308 // NVD: CVE-2017-17217

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17217
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17217
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-02547
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201803-308
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108217
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17217
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-02547
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108217
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17217
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-02547 // VULHUB: VHN-108217 // JVNDB: JVNDB-2017-012813 // CNNVD: CNNVD-201803-308 // NVD: CVE-2017-17217

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.9

sources: VULHUB: VHN-108217 // JVNDB: JVNDB-2017-012813 // NVD: CVE-2017-17217

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-308

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201803-308

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012813

PATCH

title: huawei-sa-20180124-01-mgcp, url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-mgcp-en

Trust: 0.8

title: Patch for the out-of-bounds write vulnerability in the MGCP protocol of multiple Huawei products, url: https://www.cnvd.org.cn/patchInfo/show/115283

Trust: 0.6

title: Multiple Huawei product Media Gateway Control Protocol security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79030

Trust: 0.6

sources: CNVD: CNVD-2018-02547 // JVNDB: JVNDB-2017-012813 // CNNVD: CNNVD-201803-308

EXTERNAL IDS

db: NVD, id: CVE-2017-17217

Trust: 3.1

db: JVNDB, id: JVNDB-2017-012813

Trust: 0.8

db: CNVD, id: CNVD-2018-02547

Trust: 0.6

db: CNNVD, id: CNNVD-201803-308

Trust: 0.6

db: VULHUB, id: VHN-108217

Trust: 0.1

sources: CNVD: CNVD-2018-02547 // VULHUB: VHN-108217 // JVNDB: JVNDB-2017-012813 // CNNVD: CNNVD-201803-308 // NVD: CVE-2017-17217

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-mgcp-en

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17217

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-17217

Trust: 0.8

url:http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180124-01-mgcp-cn

Trust: 0.6

sources: CNVD: CNVD-2018-02547 // VULHUB: VHN-108217 // JVNDB: JVNDB-2017-012813 // CNNVD: CNNVD-201803-308 // NVD: CVE-2017-17217

SOURCES

db: CNVD, id: CNVD-2018-02547
db: VULHUB, id: VHN-108217
db: JVNDB, id: JVNDB-2017-012813
db: CNNVD, id: CNNVD-201803-308
db: NVD, id: CVE-2017-17217

LAST UPDATE DATE

2024-11-23T22:00:40.321000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-02547, date: 2018-02-01T00:00:00
db: VULHUB, id: VHN-108217, date: 2018-03-26T00:00:00
db: JVNDB, id: JVNDB-2017-012813, date: 2018-04-19T00:00:00
db: CNNVD, id: CNNVD-201803-308, date: 2018-03-13T00:00:00
db: NVD, id: CVE-2017-17217, date: 2024-11-21T03:17:40.973

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-02547, date: 2018-02-01T00:00:00
db: VULHUB, id: VHN-108217, date: 2018-03-09T00:00:00
db: JVNDB, id: JVNDB-2017-012813, date: 2018-04-19T00:00:00
db: CNNVD, id: CNNVD-201803-308, date: 2018-03-13T00:00:00
db: NVD, id: CVE-2017-17217, date: 2018-03-09T17:29:01.063