Sign-up

ID

VAR-201804-0442


CVE

CVE-2017-17308


TITLE

plural Huawei Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-013295

DESCRIPTION

SCCPX module in Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 has an invalid memory access vulnerability. An unauthenticated, remote attacker may send specially crafted packets to the affected products. Due to insufficient validation of packets, successful exploit may cause some services abnormal. plural Huawei The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300 and other products are all products of China Huawei. The DP300 is a video conferencing terminal. The RP200 is a video conferencing machine. SCCPXmodule is one of the signaling link control modules. A security vulnerability exists in the SCCPX module in several Huawei products due to insufficient verification of the packet by the program. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, Version V600R006C00

Trust: 2.25

sources: NVD: CVE-2017-17308 // JVNDB: JVNDB-2017-013295 // CNVD: CNVD-2018-07660 // VULHUB: VHN-108317

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-07660

AFFECTED PRODUCTS

vendor:huaweimodel:te40scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te50scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v100r001c10

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v100r001c10

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te40scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te50scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:rp200scope:eqversion:v600r006c00

Trust: 1.0

vendor:huaweimodel:dp300scope:eqversion:v500r002c00spcb00

Trust: 1.0

vendor:huaweimodel:rp200scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:dp300scope: - version: -

Trust: 0.8

vendor:huaweimodel:rp200scope: - version: -

Trust: 0.8

vendor:huaweimodel:te30scope: - version: -

Trust: 0.8

vendor:huaweimodel:te40scope: - version: -

Trust: 0.8

vendor:huaweimodel:te50scope: - version: -

Trust: 0.8

vendor:huaweimodel:te60scope: - version: -

Trust: 0.8

vendor:huaweimodel:dp300 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v600r006c00scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-07660 // JVNDB: JVNDB-2017-013295 // CNNVD: CNNVD-201804-529 // NVD: CVE-2017-17308

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17308
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17308
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-07660
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201804-529
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108317
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17308
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-07660
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108317
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17308
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-07660 // VULHUB: VHN-108317 // JVNDB: JVNDB-2017-013295 // CNNVD: CNNVD-201804-529 // NVD: CVE-2017-17308

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-108317 // JVNDB: JVNDB-2017-013295 // NVD: CVE-2017-17308

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-529

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201804-529

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-013295

PATCH
title:huawei-sa-20180411-01-sccpxurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180411-01-sccpx-en
Trust: 0.8
title:Patches for various Huawei products SCCPX module denial of service vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/125593
Trust: 0.6
title:Multiple Huawei product SCCPX Repair measures for module security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83291
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-07660 // 
            
            
            
            JVNDB: JVNDB-2017-013295 // 
            
            
            
            CNNVD: CNNVD-201804-529

EXTERNAL IDS
db:NVDid:CVE-2017-17308
Trust: 3.1
db:JVNDBid:JVNDB-2017-013295
Trust: 0.8
db:CNNVDid:CNNVD-201804-529
Trust: 0.7
db:CNVDid:CNVD-2018-07660
Trust: 0.6
db:VULHUBid:VHN-108317
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-07660 // 
            
            
            
            VULHUB: VHN-108317 // 
            
            
            
            JVNDB: JVNDB-2017-013295 // 
            
            
            
            CNNVD: CNNVD-201804-529 // 
            
            
            
            NVD: CVE-2017-17308

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180411-01-sccpx-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17308
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17308
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180411-01-sccpx-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-07660 // 
            
            
            
            VULHUB: VHN-108317 // 
            
            
            
            JVNDB: JVNDB-2017-013295 // 
            
            
            
            CNNVD: CNNVD-201804-529 // 
            
            
            
            NVD: CVE-2017-17308

SOURCES
db:CNVDid:CNVD-2018-07660
db:VULHUBid:VHN-108317
db:JVNDBid:JVNDB-2017-013295
db:CNNVDid:CNNVD-201804-529
db:NVDid:CVE-2017-17308

LAST UPDATE DATE
2024-11-23T22:06:56.461000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-07660date:2018-04-13T00:00:00
db:VULHUBid:VHN-108317date:2018-05-23T00:00:00
db:JVNDBid:JVNDB-2017-013295date:2018-06-19T00:00:00
db:CNNVDid:CNNVD-201804-529date:2018-04-12T00:00:00
db:NVDid:CVE-2017-17308date:2024-11-21T03:17:48.460

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-07660date:2018-04-13T00:00:00
db:VULHUBid:VHN-108317date:2018-04-11T00:00:00
db:JVNDBid:JVNDB-2017-013295date:2018-06-19T00:00:00
db:CNNVDid:CNNVD-201804-529date:2018-04-12T00:00:00
db:NVDid:CVE-2017-17308date:2018-04-11T17:29:00.207