Sign-up

ID

VAR-201803-1310


CVE

CVE-2017-15314


TITLE

plural Huawei Resource management vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-012814

DESCRIPTION

Huawei DP300 V500R002C00, RP200 V500R002C00SPC200, V600R006C00, TE30 V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE40 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE50 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability due to memory don't be released when the XML parser process some node fail. An attacker could exploit it to cause memory leak, which may further lead to system exceptions. plural Huawei The product contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300/RP200 and TE series are Huawei's integrated desktop telepresence and high-definition video conferencing terminals for high-end customers. The Huawei DP300 and others are all products of China's Huawei (Huawei). DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. An information disclosure vulnerability exists in several Huawei products. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00SPC200 Version, V600R006C00 Version; TE30 V100R001C10SPC300 Version, V100R001C10SPC500 Version, V100R001C10SPC600 Version, V100R001C10SPC700 Version, V500R002C00SPC200 Version, V500R002C00SPC500 Version, V500R002C00SPC600 Version, V500R002C00SPC700 Version, V500R002C00SPC900 Version, V500R002C00SPCb00 Version, V600R006C00 Version; TE40 V500R002C00SPC600 Version, V500R002C00SPC700 Version, V500R002C00SPC900 Version, V500R002C00SPCb00 Version, V600R006C00 Version; TE50 V500R002C00SPC600 Version, V500R002C00SPC700 Version, V500R002C00SPCb00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version

Trust: 2.25

sources: NVD: CVE-2017-15314 // JVNDB: JVNDB-2017-012814 // CNVD: CNVD-2017-35719 // VULHUB: VHN-106124

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-35719

AFFECTED PRODUCTS

vendor:huaweimodel:te40scope:eqversion:v500r002c00spc700

Trust: 1.6

vendor:huaweimodel:te40scope:eqversion:v500r002c00spcb00

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v100r001c10

Trust: 1.6

vendor:huaweimodel:te40scope:eqversion:v500r002c00spc900

Trust: 1.6

vendor:huaweimodel:te50scope:eqversion:v500r002c00spc600

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te50scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te50scope:eqversion:v500r002c00spc700

Trust: 1.6

vendor:huaweimodel:te50scope:eqversion:v500r002c00spcb00

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v100r001c10spc700

Trust: 1.0

vendor:huaweimodel:rp200scope:eqversion:v600r006c00

Trust: 1.0

vendor:huaweimodel:te30scope:eqversion:v500r002c00spc700

Trust: 1.0

vendor:huaweimodel:te30scope:eqversion:v100r001c10spc600

Trust: 1.0

vendor:huaweimodel:te40scope:eqversion:v500r002c00spc600

Trust: 1.0

vendor:huaweimodel:te30scope:eqversion:v600r006c00

Trust: 1.0

vendor:huaweimodel:te30scope:eqversion:v500r002c00spc500

Trust: 1.0

vendor:huaweimodel:rp200scope:eqversion:v500r002c00spc200

Trust: 1.0

vendor:huaweimodel:te30scope:eqversion:v100r001c10spc500

Trust: 1.0

vendor:huaweimodel:te30scope:eqversion:v500r002c00spc200

Trust: 1.0

vendor:huaweimodel:te30scope:eqversion:v100r001c10spc300

Trust: 1.0

vendor:huaweimodel:te40scope:eqversion:v600r006c00

Trust: 1.0

vendor:huaweimodel:te30scope:eqversion:v500r002c00spc600

Trust: 1.0

vendor:huaweimodel:te30scope:eqversion:v500r002c00spc900

Trust: 1.0

vendor:huaweimodel:te30scope:eqversion:v500r002c00spcb00

Trust: 1.0

vendor:huaweimodel:dp300scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:dp300scope: - version: -

Trust: 0.8

vendor:huaweimodel:rp200scope: - version: -

Trust: 0.8

vendor:huaweimodel:te30scope: - version: -

Trust: 0.8

vendor:huaweimodel:te40scope: - version: -

Trust: 0.8

vendor:huaweimodel:te50scope: - version: -

Trust: 0.8

vendor:huaweimodel:te60scope: - version: -

Trust: 0.8

vendor:huaweimodel:dp300 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v500r002c00spc200scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v100r001c10spc300scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v100r001c10spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v100r001c10spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v100r001c10spc700scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v500r002c00spc200scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v500r002c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v500r002c00spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v500r002c00spc700scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v500r002c00spc900scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v500r002c00spcb00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v500r002c00spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v500r002c00spc700scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v500r002c00spc900scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v500r002c00spcb00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v500r002c00spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v500r002c00spc700scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v500r002c00spcb00scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-35719 // JVNDB: JVNDB-2017-012814 // CNNVD: CNNVD-201710-462 // NVD: CVE-2017-15314

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-15314
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-15314
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-35719
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201710-462
value: MEDIUM

Trust: 0.6

VULHUB: VHN-106124
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-15314
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-35719
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-106124
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-15314
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-35719 // VULHUB: VHN-106124 // JVNDB: JVNDB-2017-012814 // CNNVD: CNNVD-201710-462 // NVD: CVE-2017-15314

PROBLEMTYPE DATA

problemtype:CWE-772

Trust: 1.1

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-106124 // JVNDB: JVNDB-2017-012814 // NVD: CVE-2017-15314

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201710-462

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201710-462

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012814

PATCH
title:huawei-sa-20171129-01-xmlurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-xml-en
Trust: 0.8
title:Patch of several Huawei product memory leak vulnerabilities (CNVD-2017-35719)url:https://www.cnvd.org.cn/patchInfo/show/107505
Trust: 0.6
title:Multiple Huawei Product information disclosure vulnerability repair measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100106
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-35719 // 
            
            
            
            JVNDB: JVNDB-2017-012814 // 
            
            
            
            CNNVD: CNNVD-201710-462

EXTERNAL IDS
db:NVDid:CVE-2017-15314
Trust: 3.1
db:JVNDBid:JVNDB-2017-012814
Trust: 0.8
db:CNNVDid:CNNVD-201710-462
Trust: 0.7
db:CNVDid:CNVD-2017-35719
Trust: 0.6
db:VULHUBid:VHN-106124
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-35719 // 
            
            
            
            VULHUB: VHN-106124 // 
            
            
            
            JVNDB: JVNDB-2017-012814 // 
            
            
            
            CNNVD: CNNVD-201710-462 // 
            
            
            
            NVD: CVE-2017-15314

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-xml-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15314
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-15314
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171129-01-xml-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-35719 // 
            
            
            
            VULHUB: VHN-106124 // 
            
            
            
            JVNDB: JVNDB-2017-012814 // 
            
            
            
            CNNVD: CNNVD-201710-462 // 
            
            
            
            NVD: CVE-2017-15314

SOURCES
db:CNVDid:CNVD-2017-35719
db:VULHUBid:VHN-106124
db:JVNDBid:JVNDB-2017-012814
db:CNNVDid:CNNVD-201710-462
db:NVDid:CVE-2017-15314

LAST UPDATE DATE
2024-11-23T22:26:26.859000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-35719date:2017-12-01T00:00:00
db:VULHUBid:VHN-106124date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-012814date:2018-04-19T00:00:00
db:CNNVDid:CNNVD-201710-462date:2019-10-23T00:00:00
db:NVDid:CVE-2017-15314date:2024-11-21T03:14:26.723

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-35719date:2017-12-01T00:00:00
db:VULHUBid:VHN-106124date:2018-03-09T00:00:00
db:JVNDBid:JVNDB-2017-012814date:2018-04-19T00:00:00
db:CNNVDid:CNNVD-201710-462date:2017-10-17T00:00:00
db:NVDid:CVE-2017-15314date:2018-03-09T21:29:00.470