Sign-up

ID

VAR-201804-0445


CVE

CVE-2017-17314


TITLE

plural Huawei Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-013359

DESCRIPTION

Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an invalid memory access vulnerability. An unauthenticated attacker has to find a way to send malformed SCCP messages to the affected products. Due to insufficient input validation of some values in the messages, successful exploit may cause buffer error and some service abnormal. plural Huawei The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300 and other products are all products of China Huawei. The DP300 is a video conferencing terminal. The RP200 is a video conferencing machine. A security vulnerability exists in several Huawei products due to a failure of the program to verify some of the fields in the message. There are security vulnerabilities in several Huawei products. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version

Trust: 2.25

sources: NVD: CVE-2017-17314 // JVNDB: JVNDB-2017-013359 // CNVD: CNVD-2018-08875 // VULHUB: VHN-108324

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-08875

AFFECTED PRODUCTS

vendor:huaweimodel:te40scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te50scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v100r001c10

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v100r001c10

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te50scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te40scope:eqversion:v500r002c00

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion:v600r006c00

Trust: 1.6

vendor:huaweimodel:rp200scope:eqversion:v600r006c00

Trust: 1.0

vendor:huaweimodel:dp300scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:dp300scope: - version: -

Trust: 0.8

vendor:huaweimodel:rp200scope: - version: -

Trust: 0.8

vendor:huaweimodel:te30scope: - version: -

Trust: 0.8

vendor:huaweimodel:te40scope: - version: -

Trust: 0.8

vendor:huaweimodel:te50scope: - version: -

Trust: 0.8

vendor:huaweimodel:te60scope: - version: -

Trust: 0.8

vendor:huaweimodel:dp300 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v600r006c00scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-08875 // JVNDB: JVNDB-2017-013359 // CNNVD: CNNVD-201805-046 // NVD: CVE-2017-17314

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17314
value: LOW

Trust: 1.0

NVD: CVE-2017-17314
value: LOW

Trust: 0.8

CNVD: CNVD-2018-08875
value: LOW

Trust: 0.6

CNNVD: CNNVD-201805-046
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108324
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17314
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-08875
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108324
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17314
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-08875 // VULHUB: VHN-108324 // JVNDB: JVNDB-2017-013359 // CNNVD: CNNVD-201805-046 // NVD: CVE-2017-17314

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-108324 // JVNDB: JVNDB-2017-013359 // NVD: CVE-2017-17314

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-046

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201805-046

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-013359

PATCH
title:huawei-sa-20180425-02-bufferurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180425-02-buffer-en
Trust: 0.8
title:Patches for several Huawei Product Denial of Service Vulnerabilities (CNVD-2018-08875)url:https://www.cnvd.org.cn/patchInfo/show/128079
Trust: 0.6
title:Multiple Huawei Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79789
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-08875 // 
            
            
            
            JVNDB: JVNDB-2017-013359 // 
            
            
            
            CNNVD: CNNVD-201805-046

EXTERNAL IDS
db:NVDid:CVE-2017-17314
Trust: 3.1
db:JVNDBid:JVNDB-2017-013359
Trust: 0.8
db:CNNVDid:CNNVD-201805-046
Trust: 0.7
db:CNVDid:CNVD-2018-08875
Trust: 0.6
db:VULHUBid:VHN-108324
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-08875 // 
            
            
            
            VULHUB: VHN-108324 // 
            
            
            
            JVNDB: JVNDB-2017-013359 // 
            
            
            
            CNNVD: CNNVD-201805-046 // 
            
            
            
            NVD: CVE-2017-17314

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180425-02-buffer-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17314
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17314
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180425-02-buffer-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-08875 // 
            
            
            
            VULHUB: VHN-108324 // 
            
            
            
            JVNDB: JVNDB-2017-013359 // 
            
            
            
            CNNVD: CNNVD-201805-046 // 
            
            
            
            NVD: CVE-2017-17314

SOURCES
db:CNVDid:CNVD-2018-08875
db:VULHUBid:VHN-108324
db:JVNDBid:JVNDB-2017-013359
db:CNNVDid:CNNVD-201805-046
db:NVDid:CVE-2017-17314

LAST UPDATE DATE
2024-11-23T22:22:07.434000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-08875date:2018-05-04T00:00:00
db:VULHUBid:VHN-108324date:2018-06-06T00:00:00
db:JVNDBid:JVNDB-2017-013359date:2018-06-25T00:00:00
db:CNNVDid:CNNVD-201805-046date:2018-05-02T00:00:00
db:NVDid:CVE-2017-17314date:2024-11-21T03:17:49.133

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-08875date:2018-05-04T00:00:00
db:VULHUBid:VHN-108324date:2018-04-30T00:00:00
db:JVNDBid:JVNDB-2017-013359date:2018-06-25T00:00:00
db:CNNVDid:CNNVD-201805-046date:2018-05-02T00:00:00
db:NVDid:CVE-2017-17314date:2018-04-30T14:29:00.207