Sign-up

ID

VAR-201803-1322


CVE

CVE-2017-17147


TITLE

Huawei DP300 Integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012872

DESCRIPTION

Huawei DP300 V500R002C00 have an integer overflow vulnerability due to the lack of validation. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks. Huawei DP300 Contains an integer overflow vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300 is a video conferencing terminal of China's Huawei company. The HuaweiDP300XML parser has an integer overflow vulnerability, which is due to the XML parser not fully verifying the received content. Multiple Huawei Products are prone to multiple local integer-overflow vulnerabilities. An attacker can exploit this issue to cause a denial-of-service condition; denying service to legitimate users. Due to the nature of this issue, code execution may be possible but this has not been confirmed

Trust: 2.52

sources: NVD: CVE-2017-17147 // JVNDB: JVNDB-2017-012872 // CNVD: CNVD-2017-38451 // BID: 103411 // VULHUB: VHN-108140

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-38451

AFFECTED PRODUCTS

vendor:huaweimodel:dp300scope:eqversion:v500r002c00

Trust: 1.4

vendor:huaweimodel:dp300scope:lteversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:dp300 v500r002c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:dp300 v500r002c00spcb00scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2017-38451 // BID: 103411 // JVNDB: JVNDB-2017-012872 // CNNVD: CNNVD-201712-326 // NVD: CVE-2017-17147

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17147
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17147
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-38451
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201712-326
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108140
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17147
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-38451
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108140
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17147
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-38451 // VULHUB: VHN-108140 // JVNDB: JVNDB-2017-012872 // CNNVD: CNNVD-201712-326 // NVD: CVE-2017-17147

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.9

sources: VULHUB: VHN-108140 // JVNDB: JVNDB-2017-012872 // NVD: CVE-2017-17147

THREAT TYPE

local

Trust: 0.9

sources: BID: 103411 // CNNVD: CNNVD-201712-326

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201712-326

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012872

PATCH
title:huawei-sa-20171215-01-xml url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-xml-en
Trust: 0.8
title:HuaweiDP300XML parser integer overflow vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/112079
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-38451 // 
            
            
            
            JVNDB: JVNDB-2017-012872

EXTERNAL IDS
db:NVDid:CVE-2017-17147
Trust: 3.4
db:JVNDBid:JVNDB-2017-012872
Trust: 0.8
db:CNNVDid:CNNVD-201712-326
Trust: 0.7
db:CNVDid:CNVD-2017-38451
Trust: 0.6
db:NSFOCUSid:39157
Trust: 0.6
db:BIDid:103411
Trust: 0.4
db:VULHUBid:VHN-108140
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-38451 // 
            
            
            
            VULHUB: VHN-108140 // 
            
            
            
            BID: 103411 // 
            
            
            
            JVNDB: JVNDB-2017-012872 // 
            
            
            
            CNNVD: CNNVD-201712-326 // 
            
            
            
            NVD: CVE-2017-17147

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-xml-en
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17147
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17147
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171215-01-xml-cn
Trust: 0.6
url:http://www.nsfocus.net/vulndb/39157
Trust: 0.6
url:http://www.huawei.com/en/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-38451 // 
            
            
            
            VULHUB: VHN-108140 // 
            
            
            
            BID: 103411 // 
            
            
            
            JVNDB: JVNDB-2017-012872 // 
            
            
            
            CNNVD: CNNVD-201712-326 // 
            
            
            
            NVD: CVE-2017-17147

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 103411

SOURCES
db:CNVDid:CNVD-2017-38451
db:VULHUBid:VHN-108140
db:BIDid:103411
db:JVNDBid:JVNDB-2017-012872
db:CNNVDid:CNNVD-201712-326
db:NVDid:CVE-2017-17147

LAST UPDATE DATE
2024-11-23T23:12:14.040000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-38451date:2017-12-28T00:00:00
db:VULHUBid:VHN-108140date:2018-03-29T00:00:00
db:BIDid:103411date:2017-12-15T00:00:00
db:JVNDBid:JVNDB-2017-012872date:2018-04-26T00:00:00
db:CNNVDid:CNNVD-201712-326date:2018-03-13T00:00:00
db:NVDid:CVE-2017-17147date:2024-11-21T03:17:34.890

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-38451date:2017-12-28T00:00:00
db:VULHUBid:VHN-108140date:2018-03-09T00:00:00
db:BIDid:103411date:2017-12-15T00:00:00
db:JVNDBid:JVNDB-2017-012872date:2018-04-26T00:00:00
db:CNNVDid:CNNVD-201712-326date:2017-12-08T00:00:00
db:NVDid:CVE-2017-17147date:2018-03-09T17:29:00.437