Details of VAR-201804-0443

ID

VAR-201804-0443

CVE

CVE-2017-17310

TITLE

plural Huawei Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-013297

DESCRIPTION

Electronic Numbers to URI Mapping (ENUM) module in some Huawei products DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a buffer error vulnerability. An unauthenticated, remote attacker has to control the peer device and send specially crafted ENUM packets to the affected products. Due to insufficient verification of some values in the packets, successful exploit may cause buffer error and some services abnormal. plural Huawei The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. DP300, RP200, and TE30 are all network video communication devices of Huawei. The Huawei DP300 and others are all products of China's Huawei (Huawei). DP300 is a video conferencing terminal. The vulnerability is caused by the fact that the program does not fully verify the fields in the data packet. The following products and versions are affected: Huawei DP300 V500R002C00 Version, RP200 V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version

Trust: 2.25

sources: NVD: CVE-2017-17310 // JVNDB: JVNDB-2017-013297 // CNVD: CNVD-2018-07946 // VULHUB: VHN-108320

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-07946

AFFECTED PRODUCTS

vendor:	huawei	model:	te40	scope:	eq	version:	v600r006c00	Trust: 1.6
vendor:	huawei	model:	te50	scope:	eq	version:	v500r002c00	Trust: 1.6
vendor:	huawei	model:	te60	scope:	eq	version:	v100r001c10	Trust: 1.6
vendor:	huawei	model:	te60	scope:	eq	version:	v500r002c00	Trust: 1.6
vendor:	huawei	model:	te30	scope:	eq	version:	v500r002c00	Trust: 1.6
vendor:	huawei	model:	te40	scope:	eq	version:	v500r002c00	Trust: 1.6
vendor:	huawei	model:	te50	scope:	eq	version:	v600r006c00	Trust: 1.6
vendor:	huawei	model:	te60	scope:	eq	version:	v600r006c00	Trust: 1.6
vendor:	huawei	model:	te30	scope:	eq	version:	v600r006c00	Trust: 1.6
vendor:	huawei	model:	rp200	scope:	eq	version:	v600r006c00	Trust: 1.6
vendor:	huawei	model:	te30	scope:	eq	version:	v100r001c10	Trust: 1.0
vendor:	huawei	model:	dp300	scope:	eq	version:	v500r002c00spcb00	Trust: 1.0
vendor:	huawei	model:	dp300	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	rp200	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	te30	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	te40	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	te50	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	te60	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	dp300 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	rp200 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v600r006c00	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-07946 // JVNDB: JVNDB-2017-013297 // CNNVD: CNNVD-201804-1126 // NVD: CVE-2017-17310

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-17310
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-17310
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-07946
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201804-1126
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-108320
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-17310
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-07946
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-108320
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-17310
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-07946 // VULHUB: VHN-108320 // JVNDB: JVNDB-2017-013297 // CNNVD: CNNVD-201804-1126 // NVD: CVE-2017-17310

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-108320 // JVNDB: JVNDB-2017-013297 // NVD: CVE-2017-17310

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-1126

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201804-1126

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013297

PATCH

title:	huawei-sa-20180418-01-enum	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-enum-en	Trust: 0.8
title:	Huawei multiple product ENUM module buffer overflow vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/126473	Trust: 0.6
title:	Multiple Huawei product Electronic Numbers to URI Mapping Repair measures for module security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81419	Trust: 0.6

sources: CNVD: CNVD-2018-07946 // JVNDB: JVNDB-2017-013297 // CNNVD: CNNVD-201804-1126

EXTERNAL IDS

db:	NVD	id:	CVE-2017-17310	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-013297	Trust: 0.8
db:	CNNVD	id:	CNNVD-201804-1126	Trust: 0.7
db:	CNVD	id:	CNVD-2018-07946	Trust: 0.6
db:	VULHUB	id:	VHN-108320	Trust: 0.1

sources: CNVD: CNVD-2018-07946 // VULHUB: VHN-108320 // JVNDB: JVNDB-2017-013297 // CNNVD: CNNVD-201804-1126 // NVD: CVE-2017-17310

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-enum-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17310	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17310	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180418-01-enum-cn	Trust: 0.6

sources: CNVD: CNVD-2018-07946 // VULHUB: VHN-108320 // JVNDB: JVNDB-2017-013297 // CNNVD: CNNVD-201804-1126 // NVD: CVE-2017-17310

SOURCES

db:	CNVD	id:	CNVD-2018-07946
db:	VULHUB	id:	VHN-108320
db:	JVNDB	id:	JVNDB-2017-013297
db:	CNNVD	id:	CNNVD-201804-1126
db:	NVD	id:	CVE-2017-17310

LAST UPDATE DATE

2024-11-23T21:39:27.612000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-07946	date:	2018-04-19T00:00:00
db:	VULHUB	id:	VHN-108320	date:	2018-05-24T00:00:00
db:	JVNDB	id:	JVNDB-2017-013297	date:	2018-06-20T00:00:00
db:	CNNVD	id:	CNNVD-201804-1126	date:	2018-05-08T00:00:00
db:	NVD	id:	CVE-2017-17310	date:	2024-11-21T03:17:48.683

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-07946	date:	2018-04-19T00:00:00
db:	VULHUB	id:	VHN-108320	date:	2018-04-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-013297	date:	2018-06-20T00:00:00
db:	CNNVD	id:	CNNVD-201804-1126	date:	2018-04-19T00:00:00
db:	NVD	id:	CVE-2017-17310	date:	2018-04-19T14:29:00.260