ID

VAR-201803-1037


CVE

CVE-2017-17221


TITLE

Huawei eSpace 7950 and 8950 Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012826

DESCRIPTION

The Import Signal Tone function in Huawei eSpace 7950 V200R003C30 and eSpace 8950 V200R003C00 and V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send packets to the affected products after the Signal Tone is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code. Huawei eSpace 7950 and 8950 contain an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei eSpace 7950 and 8950 are Huawei's 7950 and 8950 series IP phones. The vulnerability is due to the program failing to adequately verify the message. Failed exploit attempts will likely cause a denial-of-service condition.

Trust: 2.52

sources: NVD: CVE-2017-17221 // JVNDB: JVNDB-2017-012826 // CNVD: CNVD-2018-02549 // BID: 103438 // VULHUB: VHN-108222

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-02549

AFFECTED PRODUCTS

vendor: huawei, model: espace 8950, scope: eq, version: v200r003c00

Trust: 1.6

vendor: huawei, model: espace 7950, scope: eq, version: v200r003c30

Trust: 1.6

vendor: huawei, model: espace 8950, scope: eq, version: v200r003c30

Trust: 1.6

vendor: huawei, model: espace v200r003c30, scope: eq, version: 7950

Trust: 0.9

vendor: huawei, model: espace v200r003c00, scope: eq, version: 8950

Trust: 0.9

vendor: huawei, model: espace v200r003c30, scope: eq, version: 8950

Trust: 0.9

vendor: huawei, model: espace 7950, scope: -, version: -

Trust: 0.8

vendor: huawei, model: espace 8950, scope: -, version: -

Trust: 0.8

vendor: huawei, model: espace v200r003c30spc300, scope: ne, version: 8950

Trust: 0.3

vendor: huawei, model: espace v200r003c00spcr00, scope: ne, version: 8950

Trust: 0.3

vendor: huawei, model: espace v200r003c30spc700, scope: ne, version: 7950

Trust: 0.3

sources: CNVD: CNVD-2018-02549 // BID: 103438 // JVNDB: JVNDB-2017-012826 // CNNVD: CNNVD-201803-304 // NVD: CVE-2017-17221

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-17221
value: HIGH

Trust: 1.0

NVD: CVE-2017-17221
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-02549
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-304
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108222
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-17221
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-02549
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108222
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-17221
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-02549 // VULHUB: VHN-108222 // JVNDB: JVNDB-2017-012826 // CNNVD: CNNVD-201803-304 // NVD: CVE-2017-17221

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-108222 // JVNDB: JVNDB-2017-012826 // NVD: CVE-2017-17221

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-304

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201803-304

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012826

PATCH

title: huawei-sa-20180131-01-espace, url: http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en

Trust: 0.8

title: Patch for Huawei eSpace 7950 and 8950 Remote Code Execution Vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/115315

Trust: 0.6

title: Huawei eSpace 8950 and 7950 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79026

Trust: 0.6

sources: CNVD: CNVD-2018-02549 // JVNDB: JVNDB-2017-012826 // CNNVD: CNNVD-201803-304

EXTERNAL IDS

db: NVD, id: CVE-2017-17221

Trust: 3.4

db: JVNDB, id: JVNDB-2017-012826

Trust: 0.8

db: CNVD, id: CNVD-2018-02549

Trust: 0.6

db: NSFOCUS, id: 39169

Trust: 0.6

db: CNNVD, id: CNNVD-201803-304

Trust: 0.6

db: BID, id: 103438

Trust: 0.4

db: VULHUB, id: VHN-108222

Trust: 0.1

Trust: 0.1

sources: CNVD: CNVD-2018-02549 // VULHUB: VHN-108222 // BID: 103438 // JVNDB: JVNDB-2017-012826 // CNNVD: CNNVD-201803-304 // NVD: CVE-2017-17221

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17221

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-17221

Trust: 0.8

url:http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-cn

Trust: 0.6

url:http://www.nsfocus.net/vulndb/39169

Trust: 0.6

url:http://www.huawei.com/en/

Trust: 0.3

sources: CNVD: CNVD-2018-02549 // VULHUB: VHN-108222 // BID: 103438 // JVNDB: JVNDB-2017-012826 // CNNVD: CNNVD-201803-304 // NVD: CVE-2017-17221

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103438

SOURCES

db: CNVD, id: CNVD-2018-02549
db: VULHUB, id: VHN-108222
db: BID, id: 103438
db: JVNDB, id: JVNDB-2017-012826
db: CNNVD, id: CNNVD-201803-304
db: NVD, id: CVE-2017-17221

LAST UPDATE DATE

2024-11-23T22:26:27.357000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-02549, date: 2018-03-09T00:00:00
db: VULHUB, id: VHN-108222, date: 2018-03-27T00:00:00
db: BID, id: 103438, date: 2018-01-31T00:00:00
db: JVNDB, id: JVNDB-2017-012826, date: 2018-04-20T00:00:00
db: CNNVD, id: CNNVD-201803-304, date: 2018-03-13T00:00:00
db: NVD, id: CVE-2017-17221, date: 2024-11-21T03:17:41.453

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-02549, date: 2018-02-01T00:00:00
db: VULHUB, id: VHN-108222, date: 2018-03-09T00:00:00
db: BID, id: 103438, date: 2018-01-31T00:00:00
db: JVNDB, id: JVNDB-2017-012826, date: 2018-04-20T00:00:00
db: CNNVD, id: CNNVD-201803-304, date: 2018-03-13T00:00:00
db: NVD, id: CVE-2017-17221, date: 2018-03-09T17:29:01.250