Sign-up

ID

VAR-201803-1312


CVE

CVE-2017-15323


TITLE

plural Huawei Product depletion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012816

DESCRIPTION

Huawei DP300 V500R002C00, NIP6600 V500R001C00, V500R001C20, V500R001C30, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, TE60 V100R001C01, V100R001C10, V100R003C00, V500R002C00, V600R006C00, TP3106 V100R001C06, V100R002C00, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eCNS210_TD V100R004C10, eSpace U1981 V200R003C30 have a DoS vulnerability caused by memory exhaustion in some Huawei products. For lacking of adequate input validation, attackers can craft and send some malformed messages to the target device to exhaust the memory of the device and cause a Denial of Service (DoS). plural Huawei The product is vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300 and other products are products of China Huawei (Huawei). The DP300 is a video conferencing terminal. The eSpace7950 is a smart IP video phone product from China's Huawei company. A denial of service vulnerability exists in several Huawei products due to insufficient program validation of the input. An attacker could exploit the vulnerability to cause a denial of service (out of memory). The following products and versions are affected: Huawei NIP6600 V500R001C00 Version, V500R001C20 Version, V500R001C30 Version; DP300 V500R002C00 Version; Secospace USG6500 V500R001C00 Version, V500R001C20 Version, V500R001C30 Version; TE60 V100R001C01 Version, V100R001C10 Version, V100R003C00 Version, V500R002C00 Version, V600R006C00 Version; TP3106 V100R001C06 Version, V100R002C00 Version; VP9660 V200R001C02 Version, V200R001C30 Version, V500R002C00 Version, V500R002C10 Version; ViewPoint 8660 V100R008C03 Version; ViewPoint 9030 V100R011C02 Version, V100R011C03 Version; eCNS210_TD V100R004C10 Version; eSpace U1981 V200R003C30 Version

Trust: 2.25

sources: NVD: CVE-2017-15323 // JVNDB: JVNDB-2017-012816 // CNVD: CNVD-2017-38220 // VULHUB: VHN-106134

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-38220

AFFECTED PRODUCTS

vendor:huaweimodel:viewpoint 9030scope:eqversion:v100r011c03

Trust: 1.6

vendor:huaweimodel:vp9660scope:eqversion:v500r002c10

Trust: 1.6

vendor:huaweimodel:ecns210 tdscope:eqversion:v100r004c10

Trust: 1.6

vendor:huaweimodel:tp3106scope:eqversion:v100r002c00

Trust: 1.6

vendor:huaweimodel:viewpoint 9030scope:eqversion:v100r011c02

Trust: 1.6

vendor:huaweimodel:viewpoint 8660scope:eqversion:v100r008c03

Trust: 1.6

vendor:huaweimodel:vp9660scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:espace u1981scope:eqversion:v200r003c30

Trust: 1.6

vendor:huaweimodel:vp9660scope:eqversion:v200r001c02

Trust: 1.6

vendor:huaweimodel:vp9660scope:eqversion:v200r001c30

Trust: 1.6

vendor:huaweimodel:nip6600scope:eqversion:v500r001c20

Trust: 1.0

vendor:huaweimodel:te60scope:eqversion:v100r003c00

Trust: 1.0

vendor:huaweimodel:te60scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:tp3106scope:eqversion:v100r001c06

Trust: 1.0

vendor:huaweimodel:te60scope:eqversion:v600r006c00

Trust: 1.0

vendor:huaweimodel:te60scope:eqversion:v100r001c01

Trust: 1.0

vendor:huaweimodel:secospace usg6500scope:eqversion:v500r001c00

Trust: 1.0

vendor:huaweimodel:nip6600scope:eqversion:v500r001c00

Trust: 1.0

vendor:huaweimodel:secospace usg6500scope:eqversion:v500r001c30

Trust: 1.0

vendor:huaweimodel:nip6600scope:eqversion:v500r001c30

Trust: 1.0

vendor:huaweimodel:dp300scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:te60scope:eqversion:v100r001c10

Trust: 1.0

vendor:huaweimodel:secospace usg6500scope:eqversion:v500r001c20

Trust: 1.0

vendor:huaweimodel:dp300scope: - version: -

Trust: 0.8

vendor:huaweimodel:ecns210 tdscope: - version: -

Trust: 0.8

vendor:huaweimodel:espace u1981scope: - version: -

Trust: 0.8

vendor:huaweimodel:nip6600scope: - version: -

Trust: 0.8

vendor:huaweimodel:secospace usg6500scope: - version: -

Trust: 0.8

vendor:huaweimodel:te60scope: - version: -

Trust: 0.8

vendor:huaweimodel:tp3106scope: - version: -

Trust: 0.8

vendor:huaweimodel:viewpoint 8660scope: - version: -

Trust: 0.8

vendor:huaweimodel:viewpoint 9030scope: - version: -

Trust: 0.8

vendor:huaweimodel:vp9660scope: - version: -

Trust: 0.8

vendor:huaweimodel:vp9660 v200r001c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:vp9660 v200r001c30scope: - version: -

Trust: 0.6

vendor:huaweimodel:nip6600 v500r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:secospace usg6500 v500r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:espace u1981 v200r003c30scope: - version: -

Trust: 0.6

vendor:huaweimodel:dp300 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r001c01scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:tp3106 v100r001c06scope: - version: -

Trust: 0.6

vendor:huaweimodel:tp3106 v100r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:viewpoint v100r011c03scope:eqversion:9030

Trust: 0.6

vendor:huaweimodel:viewpoint v100r011c02scope:eqversion:9030

Trust: 0.6

vendor:huaweimodel:ecns210 td v100r004c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:vp9660 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:vp9660 v500r002c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:viewpoint v100r008c03scope:eqversion:8660

Trust: 0.6

vendor:huaweimodel:nip6600 v500r001c20scope: - version: -

Trust: 0.6

vendor:huaweimodel:nip6600 v500r001c30scope: - version: -

Trust: 0.6

vendor:huaweimodel:secospace usg6500 v500r001c20scope: - version: -

Trust: 0.6

vendor:huaweimodel:secospace usg6500 v500r001c30scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-38220 // JVNDB: JVNDB-2017-012816 // CNNVD: CNNVD-201712-063 // NVD: CVE-2017-15323

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-15323
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-15323
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-38220
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201712-063
value: MEDIUM

Trust: 0.6

VULHUB: VHN-106134
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-15323
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-38220
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-106134
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-15323
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-38220 // VULHUB: VHN-106134 // JVNDB: JVNDB-2017-012816 // CNNVD: CNNVD-201712-063 // NVD: CVE-2017-15323

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

sources: VULHUB: VHN-106134 // JVNDB: JVNDB-2017-012816 // NVD: CVE-2017-15323

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201712-063

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201712-063

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012816

PATCH
title:huawei-sa-20171201-01-pseurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-pse-en
Trust: 0.8
title:Patches for several Huawei Product Denial of Service Vulnerabilities (CNVD-2017-38220)url:https://www.cnvd.org.cn/patchInfo/show/111813
Trust: 0.6
title:Multiple Huawei Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76891
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-38220 // 
            
            
            
            JVNDB: JVNDB-2017-012816 // 
            
            
            
            CNNVD: CNNVD-201712-063

EXTERNAL IDS
db:NVDid:CVE-2017-15323
Trust: 3.1
db:JVNDBid:JVNDB-2017-012816
Trust: 0.8
db:CNNVDid:CNNVD-201712-063
Trust: 0.7
db:CNVDid:CNVD-2017-38220
Trust: 0.6
db:VULHUBid:VHN-106134
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-38220 // 
            
            
            
            VULHUB: VHN-106134 // 
            
            
            
            JVNDB: JVNDB-2017-012816 // 
            
            
            
            CNNVD: CNNVD-201712-063 // 
            
            
            
            NVD: CVE-2017-15323

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-pse-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15323
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-15323
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171201-01-pse-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-38220 // 
            
            
            
            VULHUB: VHN-106134 // 
            
            
            
            JVNDB: JVNDB-2017-012816 // 
            
            
            
            CNNVD: CNNVD-201712-063 // 
            
            
            
            NVD: CVE-2017-15323

CREDITS
Huawei internal tester
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201712-063

SOURCES
db:CNVDid:CNVD-2017-38220
db:VULHUBid:VHN-106134
db:JVNDBid:JVNDB-2017-012816
db:CNNVDid:CNNVD-201712-063
db:NVDid:CVE-2017-15323

LAST UPDATE DATE
2024-11-23T22:34:19.440000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-38220date:2017-12-27T00:00:00
db:VULHUBid:VHN-106134date:2018-03-27T00:00:00
db:JVNDBid:JVNDB-2017-012816date:2018-04-19T00:00:00
db:CNNVDid:CNNVD-201712-063date:2018-03-12T00:00:00
db:NVDid:CVE-2017-15323date:2024-11-21T03:14:27.800

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-38220date:2017-12-05T00:00:00
db:VULHUBid:VHN-106134date:2018-03-09T00:00:00
db:JVNDBid:JVNDB-2017-012816date:2018-04-19T00:00:00
db:CNNVDid:CNNVD-201712-063date:2017-12-05T00:00:00
db:NVDid:CVE-2017-15323date:2018-03-09T21:29:00.567