ID

VAR-201803-1318


CVE

CVE-2017-17134


TITLE

Input validation vulnerability in multiple Huawei products

Trust: 0.8

sources: JVNDB: JVNDB-2017-012863

DESCRIPTION

The XML parser in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 has a DoS vulnerability. Because the products do not sufficiently check specially crafted XML files, an authenticated local attacker may craft specific XML files and have the affected products parse them, which causes a null pointer access and results in a DoS. Multiple Huawei products contain an input validation vulnerability. The products may be put into a service interruption (DoS) state. Huawei DP300 and RP200 are Huawei's integrated desktop telepresence products for high-end customers. The TE series is a high-definition video conferencing terminal that supports 1080p60. The XML parsers of a number of Huawei products have a denial of service vulnerability due to insufficient validation of the XML file by the affected product. The Huawei DP300 and the other affected devices are all products of the Chinese company Huawei. RP200 is a video conferencing all-in-one device. The following products and versions are affected: Huawei DP300 V500R002C00; RP200 V500R002C00SPC200 and V600R006C00; TE30 V100R001C10, V500R002C00 and V600R006C00; TE40 V500R002C00 and V600R006C00; TE50 V500R002C00 and V600R006C00; TE60 V100R001C10, V500R002C00 and V600R006C00.

Trust: 2.25

sources: NVD: CVE-2017-17134 // JVNDB: JVNDB-2017-012863 // CNVD: CNVD-2017-38453 // VULHUB: VHN-108126

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-38453

AFFECTED PRODUCTS

vendor: huawei, model: te40, scope: eq, version: v600r006c00

Trust: 1.6

vendor: huawei, model: te50, scope: eq, version: v500r002c00

Trust: 1.6

vendor: huawei, model: te30, scope: eq, version: v100r001c10

Trust: 1.6

vendor: huawei, model: rp200, scope: eq, version: v500r002c00spc200

Trust: 1.6

vendor: huawei, model: te30, scope: eq, version: v500r002c00

Trust: 1.6

vendor: huawei, model: dp300, scope: eq, version: v500r002c00

Trust: 1.6

vendor: huawei, model: te50, scope: eq, version: v600r006c00

Trust: 1.6

vendor: huawei, model: te40, scope: eq, version: v500r002c00

Trust: 1.6

vendor: huawei, model: te30, scope: eq, version: v600r006c00

Trust: 1.6

vendor: huawei, model: rp200, scope: eq, version: v600r006c00

Trust: 1.6

vendor: huawei, model: te60, scope: eq, version: v500r002c00

Trust: 1.0

vendor: huawei, model: te60, scope: eq, version: v600r006c00

Trust: 1.0

vendor: huawei, model: te60, scope: eq, version: v100r001c10

Trust: 1.0

vendor: huawei, model: dp300, scope: -, version: -

Trust: 0.8

vendor: huawei, model: rp200, scope: -, version: -

Trust: 0.8

vendor: huawei, model: te30, scope: -, version: -

Trust: 0.8

vendor: huawei, model: te40, scope: -, version: -

Trust: 0.8

vendor: huawei, model: te50, scope: -, version: -

Trust: 0.8

vendor: huawei, model: te60, scope: -, version: -

Trust: 0.8

vendor: huawei, model: dp300 v500r002c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te60 v100r001c10, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te60 v500r002c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te60 v600r006c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: rp200 v600r006c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te30 v100r001c10, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te30 v500r002c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te40 v500r002c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te40 v600r006c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te50 v500r002c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: te50 v600r006c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: rp200 v500r002c00spc200, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2017-38453 // JVNDB: JVNDB-2017-012863 // CNNVD: CNNVD-201712-131 // NVD: CVE-2017-17134

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-17134
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17134
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-38453
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201712-131
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108126
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-17134
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-38453
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108126
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-17134
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-38453 // VULHUB: VHN-108126 // JVNDB: JVNDB-2017-012863 // CNNVD: CNNVD-201712-131 // NVD: CVE-2017-17134

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.1

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-108126 // JVNDB: JVNDB-2017-012863 // NVD: CVE-2017-17134

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201712-131

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201712-131

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012863

PATCH

title: huawei-sa-20171206-02-xml, url: http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-02-xml-en

Trust: 0.8

title: Patches for various Huawei product XML parser denial of service vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/112075

Trust: 0.6

title: Fixes for multiple Huawei product XML interpreter security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100232

Trust: 0.6

sources: CNVD: CNVD-2017-38453 // JVNDB: JVNDB-2017-012863 // CNNVD: CNNVD-201712-131

EXTERNAL IDS

db: NVD, id: CVE-2017-17134

Trust: 3.1

db: JVNDB, id: JVNDB-2017-012863

Trust: 0.8

db: CNNVD, id: CNNVD-201712-131

Trust: 0.7

db: CNVD, id: CNVD-2017-38453

Trust: 0.6

db: VULHUB, id: VHN-108126

Trust: 0.1

sources: CNVD: CNVD-2017-38453 // VULHUB: VHN-108126 // JVNDB: JVNDB-2017-012863 // CNNVD: CNNVD-201712-131 // NVD: CVE-2017-17134

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-02-xml-en

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17134

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-17134

Trust: 0.8

url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171206-02-xml-cn

Trust: 0.6

sources: CNVD: CNVD-2017-38453 // VULHUB: VHN-108126 // JVNDB: JVNDB-2017-012863 // CNNVD: CNNVD-201712-131 // NVD: CVE-2017-17134

SOURCES

db: CNVD, id: CNVD-2017-38453
db: VULHUB, id: VHN-108126
db: JVNDB, id: JVNDB-2017-012863
db: CNNVD, id: CNNVD-201712-131
db: NVD, id: CVE-2017-17134

LAST UPDATE DATE

2024-11-23T22:52:11.655000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-38453, date: 2017-12-28T00:00:00
db: VULHUB, id: VHN-108126, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2017-012863, date: 2018-04-25T00:00:00
db: CNNVD, id: CNNVD-201712-131, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-17134, date: 2024-11-21T03:17:33.090

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-38453, date: 2017-12-28T00:00:00
db: VULHUB, id: VHN-108126, date: 2018-03-05T00:00:00
db: JVNDB, id: JVNDB-2017-012863, date: 2018-04-25T00:00:00
db: CNNVD, id: CNNVD-201712-131, date: 2017-12-05T00:00:00
db: NVD, id: CVE-2017-17134, date: 2018-03-05T19:29:00.377