Details of VAR-201805-0177

ID

VAR-201805-0177

CVE

CVE-2017-17315

TITLE

plural Huawei Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-013461

DESCRIPTION

Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send specially crafted SCCP messages to the affected products. Due to the improper validation of the messages, it will cause numeric errors when handling the messages. Successful exploit will cause some services abnormal. plural Huawei The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300 and other products are all products of China Huawei. The DP300 is a video conferencing terminal. The RP200 is a video conferencing machine. A security vulnerability exists in several Huawei products due to insufficient verification messages from the program. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version

Trust: 2.25

sources: NVD: CVE-2017-17315 // JVNDB: JVNDB-2017-013461 // CNVD: CNVD-2018-10506 // VULHUB: VHN-108325

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-10506

AFFECTED PRODUCTS

vendor:	huawei	model:	te30	scope:	eq	version:	v100r001c10	Trust: 2.4
vendor:	huawei	model:	te30	scope:	eq	version:	v500r002c00	Trust: 2.4
vendor:	huawei	model:	te30	scope:	eq	version:	v600r006c00	Trust: 2.4
vendor:	huawei	model:	te40	scope:	eq	version:	v500r002c00	Trust: 2.4
vendor:	huawei	model:	te40	scope:	eq	version:	v600r006c00	Trust: 2.4
vendor:	huawei	model:	te50	scope:	eq	version:	v500r002c00	Trust: 2.4
vendor:	huawei	model:	te50	scope:	eq	version:	v600r006c00	Trust: 2.4
vendor:	huawei	model:	te60	scope:	eq	version:	v100r001c10	Trust: 2.4
vendor:	huawei	model:	te60	scope:	eq	version:	v500r002c00	Trust: 2.4
vendor:	huawei	model:	te60	scope:	eq	version:	v600r006c00	Trust: 2.4
vendor:	huawei	model:	dp300	scope:	eq	version:	v500r002c00	Trust: 1.8
vendor:	huawei	model:	rp200	scope:	eq	version:	v600r006c00	Trust: 1.8
vendor:	huawei	model:	dp300 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	rp200 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v600r006c00	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-10506 // JVNDB: JVNDB-2017-013461 // CNNVD: CNNVD-201805-826 // NVD: CVE-2017-17315

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-17315
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-17315
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-10506
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201805-826
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-108325
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-17315
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-10506
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-108325
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-17315
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-10506 // VULHUB: VHN-108325 // JVNDB: JVNDB-2017-013461 // CNNVD: CNNVD-201805-826 // NVD: CVE-2017-17315

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-108325 // JVNDB: JVNDB-2017-013461 // NVD: CVE-2017-17315

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-826

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201805-826

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013461

PATCH

title:	huawei-sa-20180502-01-sccp	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180502-01-sccp-en	Trust: 0.8
title:	Patch for multiple Huawei Product Denial of Service Vulnerabilities (CNVD-2018-10506)	url:	https://www.cnvd.org.cn/patchInfo/show/130559	Trust: 0.6
title:	Multiple Huawei Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83701	Trust: 0.6

sources: CNVD: CNVD-2018-10506 // JVNDB: JVNDB-2017-013461 // CNNVD: CNNVD-201805-826

EXTERNAL IDS

db:	NVD	id:	CVE-2017-17315	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-013461	Trust: 0.8
db:	CNVD	id:	CNVD-2018-10506	Trust: 0.6
db:	CNNVD	id:	CNNVD-201805-826	Trust: 0.6
db:	VULHUB	id:	VHN-108325	Trust: 0.1

sources: CNVD: CNVD-2018-10506 // VULHUB: VHN-108325 // JVNDB: JVNDB-2017-013461 // CNNVD: CNNVD-201805-826 // NVD: CVE-2017-17315

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180502-01-sccp-en	Trust: 2.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17315	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17315	Trust: 0.8

sources: CNVD: CNVD-2018-10506 // VULHUB: VHN-108325 // JVNDB: JVNDB-2017-013461 // CNNVD: CNNVD-201805-826 // NVD: CVE-2017-17315

SOURCES

db:	CNVD	id:	CNVD-2018-10506
db:	VULHUB	id:	VHN-108325
db:	JVNDB	id:	JVNDB-2017-013461
db:	CNNVD	id:	CNNVD-201805-826
db:	NVD	id:	CVE-2017-17315

LAST UPDATE DATE

2024-11-23T22:59:00.129000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-10506	date:	2018-05-29T00:00:00
db:	VULHUB	id:	VHN-108325	date:	2018-06-25T00:00:00
db:	JVNDB	id:	JVNDB-2017-013461	date:	2018-07-11T00:00:00
db:	CNNVD	id:	CNNVD-201805-826	date:	2018-05-25T00:00:00
db:	NVD	id:	CVE-2017-17315	date:	2024-11-21T03:17:49.257

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-10506	date:	2018-05-29T00:00:00
db:	VULHUB	id:	VHN-108325	date:	2018-05-24T00:00:00
db:	JVNDB	id:	JVNDB-2017-013461	date:	2018-07-11T00:00:00
db:	CNNVD	id:	CNNVD-201805-826	date:	2018-05-25T00:00:00
db:	NVD	id:	CVE-2017-17315	date:	2018-05-24T14:29:00.297