Details of VAR-201803-1034

ID

VAR-201803-1034

CVE

CVE-2017-17218

TITLE

plural Huawei Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-012823

DESCRIPTION

SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds read vulnerability. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service. plural Huawei The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Huawei DP300, RP200, and TE series are integrated desktop telepresence and integrated video conferencing terminal products of China Huawei. The vulnerability was caused by the device failing to adequately verify the message check. Multiple Huawei products are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. The Huawei DP300 and others are all products of China's Huawei (Huawei). DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. SCCPX module is one of the signaling link control modules. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, Version V600R006C00

Trust: 2.52

sources: NVD: CVE-2017-17218 // JVNDB: JVNDB-2017-012823 // CNVD: CNVD-2018-05084 // BID: 103514 // VULHUB: VHN-108218

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-05084

AFFECTED PRODUCTS

vendor:	huawei	model:	te40	scope:	eq	version:	v600r006c00	Trust: 1.6
vendor:	huawei	model:	te50	scope:	eq	version:	v500r002c00	Trust: 1.6
vendor:	huawei	model:	te30	scope:	eq	version:	v100r001c10	Trust: 1.6
vendor:	huawei	model:	te60	scope:	eq	version:	v100r001c10	Trust: 1.6
vendor:	huawei	model:	te60	scope:	eq	version:	v500r002c00	Trust: 1.6
vendor:	huawei	model:	te30	scope:	eq	version:	v500r002c00	Trust: 1.6
vendor:	huawei	model:	te40	scope:	eq	version:	v500r002c00	Trust: 1.6
vendor:	huawei	model:	te50	scope:	eq	version:	v600r006c00	Trust: 1.6
vendor:	huawei	model:	te60	scope:	eq	version:	v600r006c00	Trust: 1.6
vendor:	huawei	model:	te30	scope:	eq	version:	v600r006c00	Trust: 1.6
vendor:	huawei	model:	rp200	scope:	eq	version:	v600r006c00	Trust: 1.0
vendor:	huawei	model:	rp200	scope:	eq	version:	v500r002c00	Trust: 1.0
vendor:	huawei	model:	dp300	scope:	eq	version:	v500r002c00	Trust: 1.0
vendor:	huawei	model:	dp300 v500r002c00	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	te60 v100r001c10	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	te60 v500r002c00	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	te60 v600r006c00	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	rp200 v500r002c00	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	rp200 v600r006c00	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	te30 v100r001c10	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	te30 v500r002c00	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	te30 v600r006c00	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	te40 v500r002c00	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	te40 v600r006c00	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	te50 v500r002c00	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	te50 v600r006c00	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	dp300	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	rp200	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	te30	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	te40	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	te50	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	te60	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	te60 v600r006c00spc400	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	te50 te60 v600r006c00spc4	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	te40 te60 v600r006c00spc4	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	te30 v600r006c00spc400	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	rp200 te60 v600r006c00spc	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	dp300 v500r002c00spcb00	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2018-05084 // BID: 103514 // JVNDB: JVNDB-2017-012823 // CNNVD: CNNVD-201803-307 // NVD: CVE-2017-17218

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-17218
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-17218
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-05084
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201803-307
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-108218
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-17218
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-05084
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-108218
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-17218
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-05084 // VULHUB: VHN-108218 // JVNDB: JVNDB-2017-012823 // CNNVD: CNNVD-201803-307 // NVD: CVE-2017-17218

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.1
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-108218 // JVNDB: JVNDB-2017-012823 // NVD: CVE-2017-17218

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-307

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201803-307

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012823

PATCH

title:	huawei-sa-20180207-01-sccpx	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-sccpx-en	Trust: 0.8
title:	Patches for various Huawei products SCCPX modules out of bounds read vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/121257	Trust: 0.6
title:	Multiple Huawei product SCCPX Fixes for module buffer error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79029	Trust: 0.6

sources: CNVD: CNVD-2018-05084 // JVNDB: JVNDB-2017-012823 // CNNVD: CNNVD-201803-307

EXTERNAL IDS

db:	NVD	id:	CVE-2017-17218	Trust: 3.4
db:	JVNDB	id:	JVNDB-2017-012823	Trust: 0.8
db:	CNVD	id:	CNVD-2018-05084	Trust: 0.6
db:	CNNVD	id:	CNNVD-201803-307	Trust: 0.6
db:	BID	id:	103514	Trust: 0.4
db:	VULHUB	id:	VHN-108218	Trust: 0.1

sources: CNVD: CNVD-2018-05084 // VULHUB: VHN-108218 // BID: 103514 // JVNDB: JVNDB-2017-012823 // CNNVD: CNNVD-201803-307 // NVD: CVE-2017-17218

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-sccpx-en	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17218	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17218	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180207-01-sccpx-cn	Trust: 0.6
url:	http://www.huawei.com/en/	Trust: 0.3

sources: CNVD: CNVD-2018-05084 // VULHUB: VHN-108218 // BID: 103514 // JVNDB: JVNDB-2017-012823 // CNNVD: CNNVD-201803-307 // NVD: CVE-2017-17218

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103514

SOURCES

db:	CNVD	id:	CNVD-2018-05084
db:	VULHUB	id:	VHN-108218
db:	BID	id:	103514
db:	JVNDB	id:	JVNDB-2017-012823
db:	CNNVD	id:	CNNVD-201803-307
db:	NVD	id:	CVE-2017-17218

LAST UPDATE DATE

2024-11-23T21:39:33.175000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-05084	date:	2018-03-13T00:00:00
db:	VULHUB	id:	VHN-108218	date:	2019-10-03T00:00:00
db:	BID	id:	103514	date:	2018-02-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-012823	date:	2018-04-20T00:00:00
db:	CNNVD	id:	CNNVD-201803-307	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-17218	date:	2024-11-21T03:17:41.097

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-05084	date:	2018-03-13T00:00:00
db:	VULHUB	id:	VHN-108218	date:	2018-03-09T00:00:00
db:	BID	id:	103514	date:	2018-02-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-012823	date:	2018-04-20T00:00:00
db:	CNNVD	id:	CNNVD-201803-307	date:	2018-03-13T00:00:00
db:	NVD	id:	CVE-2017-17218	date:	2018-03-09T17:29:01.110