Sign-up

ID

VAR-201803-1325


CVE

CVE-2017-17150


TITLE

plural Huawei Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-012810

DESCRIPTION

Timergrp module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an DoS vulnerability due to insufficient validation of the parameter. An authenticated local attacker may call a special API with special parameter, which cause an infinite loop. Successful exploit of this vulnerability can allow an attacker to launch DOS attack. plural Huawei The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300, RP200, and TE30/40/50/60 are Huawei's integrated desktop telepresence products and high-definition video conferencing terminal products for high-end customers. A number of Huawei products, the Timergrp module, have a denial of service vulnerability because the program failed to fully check the parameters. The Huawei DP300 and others are all products of China's Huawei (Huawei). DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. Timergrp module is one of the timing modules. The Timergrp module in several Huawei products has a denial-of-service vulnerability. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, Version V600R006C00

Trust: 2.25

sources: NVD: CVE-2017-17150 // JVNDB: JVNDB-2017-012810 // CNVD: CNVD-2018-00342 // VULHUB: VHN-108144

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-00342

AFFECTED PRODUCTS

vendor:huaweimodel:te40scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te50scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v100r001c10

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v100r001c10

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te40scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te50scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:rp200scope:eqversion:v600r006c00

Trust: 1.0

vendor:huaweimodel:rp200scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:dp300scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:dp300scope: - version: -

Trust: 0.8

vendor:huaweimodel:rp200scope: - version: -

Trust: 0.8

vendor:huaweimodel:te30scope: - version: -

Trust: 0.8

vendor:huaweimodel:te40scope: - version: -

Trust: 0.8

vendor:huaweimodel:te50scope: - version: -

Trust: 0.8

vendor:huaweimodel:te60scope: - version: -

Trust: 0.8

vendor:huaweimodel:dp300 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r001c10scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-00342 // JVNDB: JVNDB-2017-012810 // CNNVD: CNNVD-201712-323 // NVD: CVE-2017-17150

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17150
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17150
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-00342
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201712-323
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108144
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-17150
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-00342
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108144
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17150
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-00342 // VULHUB: VHN-108144 // JVNDB: JVNDB-2017-012810 // CNNVD: CNNVD-201712-323 // NVD: CVE-2017-17150

PROBLEMTYPE DATA

problemtype:CWE-835

Trust: 1.1

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-108144 // JVNDB: JVNDB-2017-012810 // NVD: CVE-2017-17150

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201712-323

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201712-323

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012810

PATCH
title:huawei-sa-20171220-01-vppurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-vpp-en
Trust: 0.8
title:Patches for multiple Huawei products Timergrp module denial of service vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/112733
Trust: 0.6
title:Multiple Huawei product Timergrp Repair measures for module security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100242
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-00342 // 
            
            
            
            JVNDB: JVNDB-2017-012810 // 
            
            
            
            CNNVD: CNNVD-201712-323

EXTERNAL IDS
db:NVDid:CVE-2017-17150
Trust: 3.1
db:JVNDBid:JVNDB-2017-012810
Trust: 0.8
db:CNNVDid:CNNVD-201712-323
Trust: 0.7
db:CNVDid:CNVD-2018-00342
Trust: 0.6
db:VULHUBid:VHN-108144
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-00342 // 
            
            
            
            VULHUB: VHN-108144 // 
            
            
            
            JVNDB: JVNDB-2017-012810 // 
            
            
            
            CNNVD: CNNVD-201712-323 // 
            
            
            
            NVD: CVE-2017-17150

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-vpp-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17150
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17150
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171220-01-vpp-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-00342 // 
            
            
            
            VULHUB: VHN-108144 // 
            
            
            
            JVNDB: JVNDB-2017-012810 // 
            
            
            
            CNNVD: CNNVD-201712-323 // 
            
            
            
            NVD: CVE-2017-17150

SOURCES
db:CNVDid:CNVD-2018-00342
db:VULHUBid:VHN-108144
db:JVNDBid:JVNDB-2017-012810
db:CNNVDid:CNNVD-201712-323
db:NVDid:CVE-2017-17150

LAST UPDATE DATE
2024-11-23T23:08:46.192000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-00342date:2018-01-05T00:00:00
db:VULHUBid:VHN-108144date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-012810date:2018-04-19T00:00:00
db:CNNVDid:CNNVD-201712-323date:2019-10-23T00:00:00
db:NVDid:CVE-2017-17150date:2024-11-21T03:17:35.217

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-00342date:2018-01-05T00:00:00
db:VULHUBid:VHN-108144date:2018-03-09T00:00:00
db:JVNDBid:JVNDB-2017-012810date:2018-04-19T00:00:00
db:CNNVDid:CNNVD-201712-323date:2017-12-08T00:00:00
db:NVDid:CVE-2017-17150date:2018-03-09T17:29:00.597