ID

VAR-201803-1323


CVE

CVE-2017-17148


TITLE

Huawei DP300 Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012873

DESCRIPTION

Huawei DP300 V500R002C00 has a DoS vulnerability due to the lack of validation when malloc is called. An authenticated local attacker can craft specific XML files, supply them to the affected products and have them parsed, which results in a DoS attack. Huawei DP300 contains an input validation vulnerability. The service may be put into an interrupted (DoS) state. Huawei DP300 is a video conferencing terminal from China's Huawei company. The Huawei DP300 XML parser has a denial of service vulnerability because the product does not perform full validation when calling malloc to request memory. Multiple Huawei products are prone to a local denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. There is a denial of service vulnerability in Huawei DP300 version V500R002C00.

Trust: 2.52

sources: NVD: CVE-2017-17148 // JVNDB: JVNDB-2017-012873 // CNVD: CNVD-2017-38452 // BID: 103412 // VULHUB: VHN-108141

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-38452

AFFECTED PRODUCTS

vendor: huawei model: dp300 scope: eq version: v500r002c00

Trust: 1.4

vendor: huawei model: dp300 scope: lte version: v500r002c00

Trust: 1.0

vendor: huawei model: dp300 v500r002c00 scope: - version: -

Trust: 0.9

vendor: huawei model: dp300 v500r002c00spcb00 scope: ne version: -

Trust: 0.3

sources: CNVD: CNVD-2017-38452 // BID: 103412 // JVNDB: JVNDB-2017-012873 // CNNVD: CNNVD-201712-325 // NVD: CVE-2017-17148

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17148
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17148
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-38452
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201712-325
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108141
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17148
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-38452
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108141
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17148
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-38452 // VULHUB: VHN-108141 // JVNDB: JVNDB-2017-012873 // CNNVD: CNNVD-201712-325 // NVD: CVE-2017-17148

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-108141 // JVNDB: JVNDB-2017-012873 // NVD: CVE-2017-17148

THREAT TYPE

local

Trust: 0.9

sources: BID: 103412 // CNNVD: CNNVD-201712-325

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201712-325

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012873

PATCH

title: huawei-sa-20171215-01-xml url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-xml-en

Trust: 0.8

title: Huawei DP300 XML parser denial of service vulnerability patch url: https://www.cnvd.org.cn/patchInfo/show/112081

Trust: 0.6

sources: CNVD: CNVD-2017-38452 // JVNDB: JVNDB-2017-012873

EXTERNAL IDS

db: NVD id: CVE-2017-17148

Trust: 3.4

db: JVNDB id: JVNDB-2017-012873

Trust: 0.8

db: CNNVD id: CNNVD-201712-325

Trust: 0.7

db: CNVD id: CNVD-2017-38452

Trust: 0.6

db: NSFOCUS id: 39156

Trust: 0.6

db: BID id: 103412

Trust: 0.4

db: VULHUB id: VHN-108141

Trust: 0.1

sources: CNVD: CNVD-2017-38452 // VULHUB: VHN-108141 // BID: 103412 // JVNDB: JVNDB-2017-012873 // CNNVD: CNNVD-201712-325 // NVD: CVE-2017-17148

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-xml-en

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17148

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-17148

Trust: 0.8

url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171215-01-xml-cn

Trust: 0.6

url:http://www.nsfocus.net/vulndb/39156

Trust: 0.6

url:http://www.huawei.com/en/

Trust: 0.3

sources: CNVD: CNVD-2017-38452 // VULHUB: VHN-108141 // BID: 103412 // JVNDB: JVNDB-2017-012873 // CNNVD: CNNVD-201712-325 // NVD: CVE-2017-17148

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103412

SOURCES

db: CNVD id: CNVD-2017-38452
db: VULHUB id: VHN-108141
db: BID id: 103412
db: JVNDB id: JVNDB-2017-012873
db: CNNVD id: CNNVD-201712-325
db: NVD id: CVE-2017-17148

LAST UPDATE DATE

2024-11-23T22:06:58.035000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2017-38452 date: 2017-12-28T00:00:00
db: VULHUB id: VHN-108141 date: 2018-03-29T00:00:00
db: BID id: 103412 date: 2017-12-15T00:00:00
db: JVNDB id: JVNDB-2017-012873 date: 2018-04-26T00:00:00
db: CNNVD id: CNNVD-201712-325 date: 2018-03-13T00:00:00
db: NVD id: CVE-2017-17148 date: 2024-11-21T03:17:35

SOURCES RELEASE DATE

db: CNVD id: CNVD-2017-38452 date: 2017-12-28T00:00:00
db: VULHUB id: VHN-108141 date: 2018-03-09T00:00:00
db: BID id: 103412 date: 2017-12-15T00:00:00
db: JVNDB id: JVNDB-2017-012873 date: 2018-04-26T00:00:00
db: CNNVD id: CNNVD-201712-325 date: 2017-12-08T00:00:00
db: NVD id: CVE-2017-17148 date: 2018-03-09T17:29:00.487