Sign-up

ID

VAR-201803-1049


CVE

CVE-2017-17250


TITLE

plural Huawei Vulnerability related to out-of-bounds writing in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-012879

DESCRIPTION

Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; AR150 V200R005C32; AR150-S V200R005C32; AR160 V200R005C32; AR200 V200R005C32; AR200-S V200R005C32; AR2200-S V200R005C32; AR3200 V200R005C32; V200R007C00; AR510 V200R005C32; NetEngine16EX V200R005C32; SRG1300 V200R005C32; SRG2300 V200R005C32; SRG3300 V200R005C32 have an out-of-bounds write vulnerability. When a user executes a query command after the device received an abnormal OSPF message, the software writes data past the end of the intended buffer due to the insufficient verification of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending abnormal OSPF messages to the device. A successful exploit could cause the system to crash. plural Huawei The product contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei AR120-S is a router product of China Huawei. A security vulnerability exists in several Huawei products due to the failure of the program to properly validate user-submitted data. There are security vulnerabilities in several Huawei products. The following products and versions are affected: Huawei AR120-S V200R005C32 Version; AR1200 V200R005C32 Version; AR1200-S V200R005C32 Version; AR150 V200R005C32 Version; AR150-S V200R005C32 Version; AR160 V200R005C32 Version; AR200 V200R005C32 Version; AR200-S V200R005C32 Version; AR2200- S V200R005C32 version; AR3200 V200R005C32 version; V200R007C00 version; AR510 V200R005C32 version; NetEngine16EX V200R005C32 version;

Trust: 2.25

sources: NVD: CVE-2017-17250 // JVNDB: JVNDB-2017-012879 // CNVD: CNVD-2018-05550 // VULHUB: VHN-108254

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-05550

AFFECTED PRODUCTS

vendor:huaweimodel:s7700scope:eqversion:v200r008c00

Trust: 1.6

vendor:huaweimodel:srg1300scope:eqversion:v200r005c32

Trust: 1.6

vendor:huaweimodel:srg3300scope:eqversion:v200r005c32

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r008c00

Trust: 1.6

vendor:huaweimodel:s7700scope:eqversion:v200r007c00

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r007c01

Trust: 1.6

vendor:huaweimodel:s6700scope:eqversion:v200r008c00

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r008c00

Trust: 1.6

vendor:huaweimodel:srg2300scope:eqversion:v200r005c32

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r007c00

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar150scope:eqversion:v200r005c32

Trust: 1.0

vendor:huaweimodel:ar2200-sscope:eqversion:v200r005c32

Trust: 1.0

vendor:huaweimodel:ar1200-sscope:eqversion:v200r005c32

Trust: 1.0

vendor:huaweimodel:ar200-sscope:eqversion:v200r005c32

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r007c01

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:ar160scope:eqversion:v200r005c32

Trust: 1.0

vendor:huaweimodel:ar200scope:eqversion:v200r005c32

Trust: 1.0

vendor:huaweimodel:s2700scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:s2700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:ar1200scope:eqversion:v200r005c32

Trust: 1.0

vendor:huaweimodel:ar120-sscope:eqversion:v200r005c32

Trust: 1.0

vendor:huaweimodel:ar510scope:eqversion:v200r005c32

Trust: 1.0

vendor:huaweimodel:netengine16exscope:eqversion:v200r005c32

Trust: 1.0

vendor:huaweimodel:s2700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r005c32

Trust: 1.0

vendor:huaweimodel:ar3200scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:ar150-sscope:eqversion:v200r005c32

Trust: 1.0

vendor:huaweimodel:ar120-sscope: - version: -

Trust: 0.8

vendor:huaweimodel:ar1200scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar1200-sscope: - version: -

Trust: 0.8

vendor:huaweimodel:ar150scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar150-sscope: - version: -

Trust: 0.8

vendor:huaweimodel:ar160scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar200scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar200-sscope: - version: -

Trust: 0.8

vendor:huaweimodel:ar2200-sscope: - version: -

Trust: 0.8

vendor:huaweimodel:ar3200scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar510scope: - version: -

Trust: 0.8

vendor:huaweimodel:netengine16exscope: - version: -

Trust: 0.8

vendor:huaweimodel:s12700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s2700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s5700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s6700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s7700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s9700scope: - version: -

Trust: 0.8

vendor:huaweimodel:srg1300scope: - version: -

Trust: 0.8

vendor:huaweimodel:srg2300scope: - version: -

Trust: 0.8

vendor:huaweimodel:srg3300scope: - version: -

Trust: 0.8

vendor:huaweimodel:ar3200 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar3200 v200r005c32scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar1200 v200r005c32scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar1200-s v200r005c32scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar160 v200r005c32scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar200 v200r005c32scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar200-s v200r005c32scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar2200-s v200r005c32scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar510 v200r005c32scope: - version: -

Trust: 0.6

vendor:huaweimodel:srg1300 v200r005c32scope: - version: -

Trust: 0.6

vendor:huaweimodel:srg2300 v200r005c32scope: - version: -

Trust: 0.6

vendor:huaweimodel:srg3300 v200r005c32scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar120-s v200r005c32scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar150 v200r005c32scope: - version: -

Trust: 0.6

vendor:huaweimodel:ar150-s v200r005c32scope: - version: -

Trust: 0.6

vendor:huaweimodel:netengine16ex v200r005c32scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-05550 // JVNDB: JVNDB-2017-012879 // CNNVD: CNNVD-201803-298 // NVD: CVE-2017-17250

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17250
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17250
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-05550
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-298
value: HIGH

Trust: 0.6

VULHUB: VHN-108254
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-17250
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-05550
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108254
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17250
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-05550 // VULHUB: VHN-108254 // JVNDB: JVNDB-2017-012879 // CNNVD: CNNVD-201803-298 // NVD: CVE-2017-17250

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.9

sources: VULHUB: VHN-108254 // JVNDB: JVNDB-2017-012879 // NVD: CVE-2017-17250

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-298

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201803-298

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012879

PATCH
title:huawei-sa-20180214-01-ospfurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180214-01-ospf-en
Trust: 0.8
title:Huawei's multiple products cross-border write vulnerability patchesurl:https://www.cnvd.org.cn/patchInfo/show/121889
Trust: 0.6
title:Multiple Huawei Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79020
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-05550 // 
            
            
            
            JVNDB: JVNDB-2017-012879 // 
            
            
            
            CNNVD: CNNVD-201803-298

EXTERNAL IDS
db:NVDid:CVE-2017-17250
Trust: 3.1
db:JVNDBid:JVNDB-2017-012879
Trust: 0.8
db:CNVDid:CNVD-2018-05550
Trust: 0.6
db:CNNVDid:CNNVD-201803-298
Trust: 0.6
db:VULHUBid:VHN-108254
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-05550 // 
            
            
            
            VULHUB: VHN-108254 // 
            
            
            
            JVNDB: JVNDB-2017-012879 // 
            
            
            
            CNNVD: CNNVD-201803-298 // 
            
            
            
            NVD: CVE-2017-17250

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180214-01-ospf-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17250
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17250
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180214-01-ospf-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-05550 // 
            
            
            
            VULHUB: VHN-108254 // 
            
            
            
            JVNDB: JVNDB-2017-012879 // 
            
            
            
            CNNVD: CNNVD-201803-298 // 
            
            
            
            NVD: CVE-2017-17250

SOURCES
db:CNVDid:CNVD-2018-05550
db:VULHUBid:VHN-108254
db:JVNDBid:JVNDB-2017-012879
db:CNNVDid:CNNVD-201803-298
db:NVDid:CVE-2017-17250

LAST UPDATE DATE
2024-11-23T23:12:14.126000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-05550date:2018-03-19T00:00:00
db:VULHUBid:VHN-108254date:2018-03-29T00:00:00
db:JVNDBid:JVNDB-2017-012879date:2018-04-26T00:00:00
db:CNNVDid:CNNVD-201803-298date:2018-03-13T00:00:00
db:NVDid:CVE-2017-17250date:2024-11-21T03:17:42.510

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-05550date:2018-03-19T00:00:00
db:VULHUBid:VHN-108254date:2018-03-09T00:00:00
db:JVNDBid:JVNDB-2017-012879date:2018-04-26T00:00:00
db:CNNVDid:CNNVD-201803-298date:2018-03-13T00:00:00
db:NVDid:CVE-2017-17250date:2018-03-09T17:29:01.547