ID

VAR-201803-1036


CVE

CVE-2017-17220


TITLE

Out-of-bounds vulnerability in multiple Huawei products

Trust: 0.8

sources: JVNDB: JVNDB-2017-012825

DESCRIPTION

The SCCPX module in multiple Huawei products has an invalid memory access (out-of-bounds) vulnerability. An unauthenticated, remote attacker can send malformed packets crafted with a specific parameter to the affected products. Because the program does not sufficiently validate these packets, successful exploitation may impact the availability of the product's service (denial of service, DoS).

The Huawei DP300, RP200, and TE series are integrated desktop telepresence and integrated video conferencing terminal products from Huawei (China). The DP300 is a video conferencing terminal. The RP200 is a video conferencing all-in-one device. The SCCPX module is one of the signaling link control modules.

The following products and versions are affected:

DP300: V500R002C00
RP200: V500R002C00, V600R006C00
TE30: V100R001C10, V500R002C00, V600R006C00
TE40: V500R002C00, V600R006C00
TE50: V500R002C00, V600R006C00
TE60: V100R001C10, V500R002C00, V600R006C00

Trust: 2.25

sources: NVD: CVE-2017-17220 // JVNDB: JVNDB-2017-012825 // CNVD: CNVD-2018-05092 // VULHUB: VHN-108221

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-05092

AFFECTED PRODUCTS

vendor: huawei, model: te40, scope: eq, version: v600r006c00

Trust: 1.6

vendor: huawei, model: te50, scope: eq, version: v500r002c00

Trust: 1.6

vendor: huawei, model: te30, scope: eq, version: v100r001c10

Trust: 1.6

vendor: huawei, model: te60, scope: eq, version: v100r001c10

Trust: 1.6

vendor: huawei, model: te60, scope: eq, version: v500r002c00

Trust: 1.6

vendor: huawei, model: te30, scope: eq, version: v500r002c00

Trust: 1.6

vendor: huawei, model: te40, scope: eq, version: v500r002c00

Trust: 1.6

vendor: huawei, model: te50, scope: eq, version: v600r006c00

Trust: 1.6

vendor: huawei, model: te30, scope: eq, version: v600r006c00

Trust: 1.6

vendor: huawei, model: rp200, scope: eq, version: v600r006c00

Trust: 1.6

vendor: huawei, model: rp200, scope: eq, version: v500r002c00

Trust: 1.0

vendor: huawei, model: te60, scope: eq, version: v600r006c00

Trust: 1.0

vendor: huawei, model: dp300, scope: eq, version: v500r002c00

Trust: 1.0

vendor: huawei, model: dp300, scope: -, version: -

Trust: 0.8

vendor: huawei, model: rp200, scope: -, version: -

Trust: 0.8

vendor: huawei, model: te30, scope: -, version: -

Trust: 0.8

vendor: huawei, model: te40, scope: -, version: -

Trust: 0.8

vendor: huawei, model: te50, scope: -, version: -

Trust: 0.8

vendor: huawei, model: te60, scope: -, version: -

Trust: 0.8

vendor: huawei, model: dp300 v500r002c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te60 v100r001c10, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te60 v500r002c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te60 v600r006c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: rp200 v500r002c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: rp200 v600r006c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te30 v100r001c10, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te30 v500r002c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te30 v600r006c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te40 v500r002c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te40 v600r006c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te50 v500r002c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te50 v600r006c00, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2018-05092 // JVNDB: JVNDB-2017-012825 // CNNVD: CNNVD-201803-305 // NVD: CVE-2017-17220

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17220
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17220
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-05092
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201803-305
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108221
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17220
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-05092
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108221
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17220
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-05092 // VULHUB: VHN-108221 // JVNDB: JVNDB-2017-012825 // CNNVD: CNNVD-201803-305 // NVD: CVE-2017-17220

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.9

sources: VULHUB: VHN-108221 // JVNDB: JVNDB-2017-012825 // NVD: CVE-2017-17220

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-305

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201803-305

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012825

PATCH

title: huawei-sa-20180207-01-sccpx
url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-sccpx-en

Trust: 0.8

title: Patch for multiple Huawei product SCCPX module invalid memory access vulnerabilities (CNVD-2018-05092)
url: https://www.cnvd.org.cn/patchInfo/show/121261

Trust: 0.6

title: Repair measures for SCCPX module security vulnerabilities in multiple Huawei products
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79027

Trust: 0.6

sources: CNVD: CNVD-2018-05092 // JVNDB: JVNDB-2017-012825 // CNNVD: CNNVD-201803-305

EXTERNAL IDS

db: NVD, id: CVE-2017-17220

Trust: 3.1

db: JVNDB, id: JVNDB-2017-012825

Trust: 0.8

db: CNVD, id: CNVD-2018-05092

Trust: 0.6

db: CNNVD, id: CNNVD-201803-305

Trust: 0.6

db: VULHUB, id: VHN-108221

Trust: 0.1

sources: CNVD: CNVD-2018-05092 // VULHUB: VHN-108221 // JVNDB: JVNDB-2017-012825 // CNNVD: CNNVD-201803-305 // NVD: CVE-2017-17220

REFERENCES

url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-sccpx-en

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17220

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-17220

Trust: 0.8

url: http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180207-01-sccpx-cn

Trust: 0.6

sources: CNVD: CNVD-2018-05092 // VULHUB: VHN-108221 // JVNDB: JVNDB-2017-012825 // CNNVD: CNNVD-201803-305 // NVD: CVE-2017-17220

SOURCES

db: CNVD, id: CNVD-2018-05092
db: VULHUB, id: VHN-108221
db: JVNDB, id: JVNDB-2017-012825
db: CNNVD, id: CNNVD-201803-305
db: NVD, id: CVE-2017-17220

LAST UPDATE DATE

2024-11-23T22:22:12.022000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-05092, date: 2018-03-13T00:00:00
db: VULHUB, id: VHN-108221, date: 2018-03-27T00:00:00
db: JVNDB, id: JVNDB-2017-012825, date: 2018-04-20T00:00:00
db: CNNVD, id: CNNVD-201803-305, date: 2018-03-13T00:00:00
db: NVD, id: CVE-2017-17220, date: 2024-11-21T03:17:41.333

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-05092, date: 2018-03-13T00:00:00
db: VULHUB, id: VHN-108221, date: 2018-03-09T00:00:00
db: JVNDB, id: JVNDB-2017-012825, date: 2018-04-20T00:00:00
db: CNNVD, id: CNNVD-201803-305, date: 2018-03-13T00:00:00
db: NVD, id: CVE-2017-17220, date: 2018-03-09T17:29:01.203