Sign-up

ID

VAR-201803-1331


CVE

CVE-2017-17136


TITLE

plural Huawei Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012865

DESCRIPTION

PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a heap overflow vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service. plural Huawei The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300, IPSModule, and NGFWModule are all products of China Huawei. DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. The following products and versions are affected: Huawei DP300 V500R002C00 Version; IPS Module V500R001C00 Version, V500R001C30 Version; NGFW Module V500R001C00 Version, V500R002C00 Version; NIP6300 V500R001C00 Version, V500R001C30 Version; NIP6600 V500R001C00 Version, V500R001C30 Version; RP200 V500R002C00 Version, V600R006C00 Version; S12700 V200R007C00 Version, V200R007C01 Version, V200R008C00 Version, V200R009C00 Version, V200R010C00 Version; S1700 V200R006C10 Version, V200R009C00 Version, V200R010C00 Version; S2700 V200R006C10 Version, V200R007C00 Version, V200R008C00 Version, V200R009C00 Version, V200R010C00 Version; S5700 V200R006C00 Version, V200R007C00 Version, V200R008C00 Version, V200R009C00 Version, V200R010C00 Version; S6700 V200R008C00 Version, V200R009C00 Version, V200R010C00 Version; S7700 V200R007C00 Version, V200R008C00 Version, V200R009C00 Version, V200R010C00 Version; S9700 V200R007C00 Version, V200R007C01 Version, V200R008C00 Version, V200R009C00 Version, V200R010C00 Version; Secospace

Trust: 2.25

sources: NVD: CVE-2017-17136 // JVNDB: JVNDB-2017-012865 // CNVD: CNVD-2017-38289 // VULHUB: VHN-108128

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-38289

AFFECTED PRODUCTS

vendor:huaweimodel:te40scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:secospace usg6500scope:eqversion:v500r001c30

Trust: 1.6

vendor:huaweimodel:secospace usg6500scope:eqversion:v500r001c00

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v100r001c02

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v100r001c10

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c00

Trust: 1.6

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c30s

Trust: 1.6

vendor:huaweimodel:te40scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:s12700scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:te50scope:eqversion:v600r006c00

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r007c01

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:viewpoint 9030scope:eqversion:v100r011c02

Trust: 1.0

vendor:huaweimodel:s2700scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:s2700scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:s2700scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:ips modulescope:eqversion:v500r001c00

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:s2700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:ips modulescope:eqversion:v500r001c30

Trust: 1.0

vendor:huaweimodel:te60scope:eqversion:v100r001c02

Trust: 1.0

vendor:huaweimodel:tp3106scope:eqversion:v100r002c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:s2700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:rp200scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:nip6300scope:eqversion:v500r001c00

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s1700scope:eqversion:v200r006c10

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:dp300scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:rp200scope:eqversion:v600r006c00

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:s1700scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:nip6300scope:eqversion:v500r001c30

Trust: 1.0

vendor:huaweimodel:s1700scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r007c01

Trust: 1.0

vendor:huaweimodel:te60scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:tp3206scope:eqversion:v100r002c10

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:secospace usg6300scope:eqversion:v500r001c00

Trust: 1.0

vendor:huaweimodel:usg9500scope:eqversion:v500r001c00

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:usg9500scope:eqversion:v500r001c30

Trust: 1.0

vendor:huaweimodel:te60scope:eqversion:v600r006c00

Trust: 1.0

vendor:huaweimodel:secospace usg6300scope:eqversion:v500r001c30

Trust: 1.0

vendor:huaweimodel:ngfw modulescope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:nip6600scope:eqversion:v500r001c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:nip6600scope:eqversion:v500r001c30

Trust: 1.0

vendor:huaweimodel:viewpoint 9030scope:eqversion:v100r011c03

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:tp3206scope:eqversion:v100r002c00

Trust: 1.0

vendor:huaweimodel:te50scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:te60scope:eqversion:v100r001c10

Trust: 1.0

vendor:huaweimodel:ngfw modulescope:eqversion:v500r001c00

Trust: 1.0

vendor:huaweimodel:dp300scope: - version: -

Trust: 0.8

vendor:huaweimodel:ips modulescope: - version: -

Trust: 0.8

vendor:huaweimodel:ngfw modulescope: - version: -

Trust: 0.8

vendor:huaweimodel:nip6300scope: - version: -

Trust: 0.8

vendor:huaweimodel:nip6600scope: - version: -

Trust: 0.8

vendor:huaweimodel:rp200scope: - version: -

Trust: 0.8

vendor:huaweimodel:s12700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s1700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s2700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s5700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s6700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s7700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s9700scope: - version: -

Trust: 0.8

vendor:huaweimodel:secospace usg6300scope: - version: -

Trust: 0.8

vendor:huaweimodel:secospace usg6500scope: - version: -

Trust: 0.8

vendor:huaweimodel:secospace usg6600scope: - version: -

Trust: 0.8

vendor:huaweimodel:te30scope: - version: -

Trust: 0.8

vendor:huaweimodel:te40scope: - version: -

Trust: 0.8

vendor:huaweimodel:te50scope: - version: -

Trust: 0.8

vendor:huaweimodel:te60scope: - version: -

Trust: 0.8

vendor:huaweimodel:tp3106scope: - version: -

Trust: 0.8

vendor:huaweimodel:tp3206scope: - version: -

Trust: 0.8

vendor:huaweimodel:usg9500scope: - version: -

Trust: 0.8

vendor:huaweimodel:viewpoint 9030scope: - version: -

Trust: 0.8

vendor:huaweimodel:ips module v500r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:nip6300 v500r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:nip6600 v500r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:secospace usg6300 v500r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:secospace usg6500 v500r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:secospace usg6600 v500r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:dp300 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r001c01scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:viewpoint v100r011c03scope:eqversion:9030

Trust: 0.6

vendor:huaweimodel:viewpoint v100r011c02scope:eqversion:9030

Trust: 0.6

vendor:huaweimodel:tp3206 v100r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:tp3106 v100r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v100r001c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ips module v500r001c30scope: - version: -

Trust: 0.6

vendor:huaweimodel:nip6300 v500r001c30scope: - version: -

Trust: 0.6

vendor:huaweimodel:nip6600 v500r001c30scope: - version: -

Trust: 0.6

vendor:huaweimodel:secospace usg6300 v500r001c30scope: - version: -

Trust: 0.6

vendor:huaweimodel:secospace usg6500 v100r001c30scope: - version: -

Trust: 0.6

vendor:huaweimodel:tp3206 v100r002c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:s1700 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s1700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s1700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2700 v200r006c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r007c01scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:secospace usg6600 v500r001c30sscope: - version: -

Trust: 0.6

vendor:huaweimodel:ngfw module v500r001c30scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-38289 // JVNDB: JVNDB-2017-012865 // CNNVD: CNNVD-201712-129 // NVD: CVE-2017-17136

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17136
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17136
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-38289
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201712-129
value: LOW

Trust: 0.6

VULHUB: VHN-108128
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-17136
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-38289
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108128
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17136
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-38289 // VULHUB: VHN-108128 // JVNDB: JVNDB-2017-012865 // CNNVD: CNNVD-201712-129 // NVD: CVE-2017-17136

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-108128 // JVNDB: JVNDB-2017-012865 // NVD: CVE-2017-17136

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201712-129

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201712-129

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012865

PATCH
title:huawei-sa-20171206-01-pemurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en
Trust: 0.8
title:Patches for multiple Huawei product PEM module heap overflow vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/111827
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-38289 // 
            
            
            
            JVNDB: JVNDB-2017-012865

EXTERNAL IDS
db:NVDid:CVE-2017-17136
Trust: 3.1
db:JVNDBid:JVNDB-2017-012865
Trust: 0.8
db:CNNVDid:CNNVD-201712-129
Trust: 0.7
db:CNVDid:CNVD-2017-38289
Trust: 0.6
db:VULHUBid:VHN-108128
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-38289 // 
            
            
            
            VULHUB: VHN-108128 // 
            
            
            
            JVNDB: JVNDB-2017-012865 // 
            
            
            
            CNNVD: CNNVD-201712-129 // 
            
            
            
            NVD: CVE-2017-17136

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17136
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17136
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171206-01-pem-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-38289 // 
            
            
            
            VULHUB: VHN-108128 // 
            
            
            
            JVNDB: JVNDB-2017-012865 // 
            
            
            
            CNNVD: CNNVD-201712-129 // 
            
            
            
            NVD: CVE-2017-17136

SOURCES
db:CNVDid:CNVD-2017-38289
db:VULHUBid:VHN-108128
db:JVNDBid:JVNDB-2017-012865
db:CNNVDid:CNNVD-201712-129
db:NVDid:CVE-2017-17136

LAST UPDATE DATE
2024-11-23T22:26:26.828000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-38289date:2017-12-27T00:00:00
db:VULHUBid:VHN-108128date:2018-03-27T00:00:00
db:JVNDBid:JVNDB-2017-012865date:2018-04-25T00:00:00
db:CNNVDid:CNNVD-201712-129date:2018-03-06T00:00:00
db:NVDid:CVE-2017-17136date:2024-11-21T03:17:33.370

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-38289date:2017-12-27T00:00:00
db:VULHUBid:VHN-108128date:2018-03-05T00:00:00
db:JVNDBid:JVNDB-2017-012865date:2018-04-25T00:00:00
db:CNNVDid:CNNVD-201712-129date:2017-12-05T00:00:00
db:NVDid:CVE-2017-17136date:2018-03-05T19:29:00.487