Sign-up

ID

VAR-201807-0210


CVE

CVE-2017-17317


TITLE

plural Huawei Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-014022

DESCRIPTION

Common Open Policy Service Protocol (COPS) module in Huawei USG6300 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6500 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6600 V100R001C00; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00 has a buffer overflow vulnerability. An unauthenticated, remote attacker has to control the peer device and send specially crafted message to the affected products. Due to insufficient input validation, successful exploit may cause some services abnormal. plural Huawei The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiUS6300 and other products are all products of China Huawei. The HuaweiUSG6300 is a firewall device. The TE30 is an all-in-one HD video conferencing terminal. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C02 Version, V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C01 Version, V100R001C10 version, V500R002C00 version, and V600R006C00 version

Trust: 2.25

sources: NVD: CVE-2017-17317 // JVNDB: JVNDB-2017-014022 // CNVD: CNVD-2018-12549 // VULHUB: VHN-108327

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-12549

AFFECTED PRODUCTS

vendor:huaweimodel:te30scope:eqversion:v100r001c10

Trust: 2.4

vendor:huaweimodel:te30scope:eqversion:v500r002c00

Trust: 2.4

vendor:huaweimodel:te40scope:eqversion:v500r002c00

Trust: 2.4

vendor:huaweimodel:te40scope:eqversion:v600r006c00

Trust: 2.4

vendor:huaweimodel:te50scope:eqversion:v500r002c00

Trust: 2.4

vendor:huaweimodel:te50scope:eqversion:v600r006c00

Trust: 2.4

vendor:huaweimodel:te60scope:eqversion:v100r001c01

Trust: 2.4

vendor:huaweimodel:te60scope:eqversion:v100r001c10

Trust: 2.4

vendor:huaweimodel:te60scope:eqversion:v500r002c00

Trust: 2.4

vendor:huaweimodel:te60scope:eqversion:v600r006c00

Trust: 2.4

vendor:huaweimodel:te30scope:eqversion:v100r001c02

Trust: 1.8

vendor:huaweimodel:te30scope:eqversion:v600r006c00

Trust: 1.8

vendor:huaweimodel:rp200scope:eqversion:v600r006c00

Trust: 1.0

vendor:huaweimodel:rp200scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:dp300scope:eqversion:v500r002c00

Trust: 1.0

vendor:huaweimodel:dp300scope: - version: -

Trust: 0.8

vendor:huaweimodel:rp200scope: - version: -

Trust: 0.8

vendor:huaweimodel:dp300 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r001c01scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:rp200 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v100r001c02scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v100r001c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te30 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te40 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v500r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te50 v600r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:te60 v500r002c00scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-12549 // JVNDB: JVNDB-2017-014022 // CNNVD: CNNVD-201807-076 // NVD: CVE-2017-17317

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17317
value: LOW

Trust: 1.0

NVD: CVE-2017-17317
value: LOW

Trust: 0.8

CNVD: CNVD-2018-12549
value: LOW

Trust: 0.6

CNNVD: CNNVD-201807-076
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108327
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17317
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-12549
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108327
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17317
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-12549 // VULHUB: VHN-108327 // JVNDB: JVNDB-2017-014022 // CNNVD: CNNVD-201807-076 // NVD: CVE-2017-17317

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-108327 // JVNDB: JVNDB-2017-014022 // NVD: CVE-2017-17317

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-076

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201807-076

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014022

PATCH
title:huawei-sa-20180630-01-copsurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180630-01-cops-en
Trust: 0.8
title:Patches for multiple Huawei product CommonOpenPolicyServiceProtocol module buffer overflow vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/133541
Trust: 0.6
title:Multiple Huawei product Common Open Policy Service Protocol Fixes for module buffer error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81674
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-12549 // 
            
            
            
            JVNDB: JVNDB-2017-014022 // 
            
            
            
            CNNVD: CNNVD-201807-076

EXTERNAL IDS
db:NVDid:CVE-2017-17317
Trust: 3.1
db:JVNDBid:JVNDB-2017-014022
Trust: 0.8
db:CNNVDid:CNNVD-201807-076
Trust: 0.7
db:CNVDid:CNVD-2018-12549
Trust: 0.6
db:VULHUBid:VHN-108327
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-12549 // 
            
            
            
            VULHUB: VHN-108327 // 
            
            
            
            JVNDB: JVNDB-2017-014022 // 
            
            
            
            CNNVD: CNNVD-201807-076 // 
            
            
            
            NVD: CVE-2017-17317

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180630-01-cops-en
Trust: 2.3
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17317
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17317
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-12549 // 
            
            
            
            VULHUB: VHN-108327 // 
            
            
            
            JVNDB: JVNDB-2017-014022 // 
            
            
            
            CNNVD: CNNVD-201807-076 // 
            
            
            
            NVD: CVE-2017-17317

SOURCES
db:CNVDid:CNVD-2018-12549
db:VULHUBid:VHN-108327
db:JVNDBid:JVNDB-2017-014022
db:CNNVDid:CNNVD-201807-076
db:NVDid:CVE-2017-17317

LAST UPDATE DATE
2024-11-23T22:48:41.466000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-12549date:2018-07-04T00:00:00
db:VULHUBid:VHN-108327date:2018-08-24T00:00:00
db:JVNDBid:JVNDB-2017-014022date:2018-09-06T00:00:00
db:CNNVDid:CNNVD-201807-076date:2018-08-14T00:00:00
db:NVDid:CVE-2017-17317date:2024-11-21T03:17:49.513

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-12549date:2018-07-04T00:00:00
db:VULHUBid:VHN-108327date:2018-07-02T00:00:00
db:JVNDBid:JVNDB-2017-014022date:2018-09-06T00:00:00
db:CNNVDid:CNNVD-201807-076date:2018-07-03T00:00:00
db:NVDid:CVE-2017-17317date:2018-07-02T13:29:00.317