Details of VAR-201807-0209

ID

VAR-201807-0209

CVE

CVE-2017-17316

TITLE

plural Huawei Product out-of-bounds vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-014050

DESCRIPTION

Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability. An unauthenticated, remote attacker has to control the peer device and craft the Signalling Connection Control Part (SCCP) messages to the target devices. Due to insufficient input validation of some values in the messages, successful exploit will cause out-of-bounds read and some services abnormal. plural Huawei The product contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300 and other products are all products of China Huawei. The DP300 is a video conferencing terminal. The RP200 is a video conferencing machine. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, Version V600R006C00

Trust: 2.25

sources: NVD: CVE-2017-17316 // JVNDB: JVNDB-2017-014050 // CNVD: CNVD-2018-12543 // VULHUB: VHN-108326

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-12543

AFFECTED PRODUCTS

vendor:	huawei	model:	dp300	scope:	eq	version:	v500r002c00	Trust: 2.4
vendor:	huawei	model:	rp200	scope:	eq	version:	v500r002c00	Trust: 2.4
vendor:	huawei	model:	rp200	scope:	eq	version:	v600r006c00	Trust: 2.4
vendor:	huawei	model:	te30	scope:	eq	version:	v100r001c10	Trust: 2.4
vendor:	huawei	model:	te30	scope:	eq	version:	v500r002c00	Trust: 2.4
vendor:	huawei	model:	te30	scope:	eq	version:	v600r006c00	Trust: 2.4
vendor:	huawei	model:	te40	scope:	eq	version:	v500r002c00	Trust: 2.4
vendor:	huawei	model:	te40	scope:	eq	version:	v600r006c00	Trust: 2.4
vendor:	huawei	model:	te50	scope:	eq	version:	v500r002c00	Trust: 2.4
vendor:	huawei	model:	te50	scope:	eq	version:	v600r006c00	Trust: 2.4
vendor:	huawei	model:	te60	scope:	eq	version:	v100r001c10	Trust: 1.8
vendor:	huawei	model:	te60	scope:	eq	version:	v500r002c00	Trust: 1.8
vendor:	huawei	model:	te60	scope:	eq	version:	v600r006c00	Trust: 1.8
vendor:	huawei	model:	dp300 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	rp200 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	rp200 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v600r006c00	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-12543 // JVNDB: JVNDB-2017-014050 // CNNVD: CNNVD-201807-077 // NVD: CVE-2017-17316

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-17316
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-17316
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-12543
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201807-077
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-108326
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-17316
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-12543
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-108326
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-17316
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-12543 // VULHUB: VHN-108326 // JVNDB: JVNDB-2017-014050 // CNNVD: CNNVD-201807-077 // NVD: CVE-2017-17316

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.9

sources: VULHUB: VHN-108326 // JVNDB: JVNDB-2017-014050 // NVD: CVE-2017-17316

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-077

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201807-077

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014050

PATCH

title:	huawei-sa-20180630-01-sccp	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180630-01-sccp-en	Trust: 0.8
title:	Patches of various Huawei products that cross-border read vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/133539	Trust: 0.6
title:	Multiple Huawei Product Buffer Error Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81675	Trust: 0.6

sources: CNVD: CNVD-2018-12543 // JVNDB: JVNDB-2017-014050 // CNNVD: CNNVD-201807-077

EXTERNAL IDS

db:	NVD	id:	CVE-2017-17316	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-014050	Trust: 0.8
db:	CNNVD	id:	CNNVD-201807-077	Trust: 0.7
db:	CNVD	id:	CNVD-2018-12543	Trust: 0.6
db:	VULHUB	id:	VHN-108326	Trust: 0.1

sources: CNVD: CNVD-2018-12543 // VULHUB: VHN-108326 // JVNDB: JVNDB-2017-014050 // CNNVD: CNNVD-201807-077 // NVD: CVE-2017-17316

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180630-01-sccp-en	Trust: 2.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17316	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17316	Trust: 0.8

sources: CNVD: CNVD-2018-12543 // VULHUB: VHN-108326 // JVNDB: JVNDB-2017-014050 // CNNVD: CNNVD-201807-077 // NVD: CVE-2017-17316

SOURCES

db:	CNVD	id:	CNVD-2018-12543
db:	VULHUB	id:	VHN-108326
db:	JVNDB	id:	JVNDB-2017-014050
db:	CNNVD	id:	CNNVD-201807-077
db:	NVD	id:	CVE-2017-17316

LAST UPDATE DATE

2024-11-23T22:45:17.378000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-12543	date:	2018-07-04T00:00:00
db:	VULHUB	id:	VHN-108326	date:	2018-09-11T00:00:00
db:	JVNDB	id:	JVNDB-2017-014050	date:	2018-10-04T00:00:00
db:	CNNVD	id:	CNNVD-201807-077	date:	2018-07-03T00:00:00
db:	NVD	id:	CVE-2017-17316	date:	2024-11-21T03:17:49.387

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-12543	date:	2018-07-04T00:00:00
db:	VULHUB	id:	VHN-108326	date:	2018-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2017-014050	date:	2018-10-04T00:00:00
db:	CNNVD	id:	CNNVD-201807-077	date:	2018-07-03T00:00:00
db:	NVD	id:	CVE-2017-17316	date:	2018-07-02T13:29:00.257