Lucene search

HuaweiCVE-2017-15342

HistoryFeb 15, 2018 - 4:29 p.m.

CVE-2017-15342

2018-02-1516:29:00

CWE-119

huawei

web.nvd.nist.gov

huawei

denial of service

vulnerability

ssl

buffer overflow

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

59.1%

JSON

Huawei DP300 V500R002C00, TE60 V600R006C00, TP3106 V100R002C00, eSpace U1981 V200R003C30SPC100 have a denial of service vulnerability. The software does not correctly calculate the rest size in a buffer when handling SSL connections. A remote unauthenticated attacker could send a lot of crafted SSL messages to the device, successful exploit could cause no space in the buffer and then denial of service.

Affected configurations

Nvd

Node

huaweidp300_firmwareMatchv500r002c00

AND

huaweidp300Match-

Node

huaweite60_firmwareMatchv600r006c00

AND

huaweite60Match-

Node

huaweitp3106_firmwareMatchv100r002c00

AND

huaweitp3106Match-

Node

huaweiespace_u1981_firmwareMatchv200r003c30spc100

AND

huaweiespace_u1981Match-

VendorProductVersionCPE
huaweidp300_firmwarev500r002c00cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*
huaweidp300-cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*
huaweite60_firmwarev600r006c00cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*
huaweite60-cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*
huaweitp3106_firmwarev100r002c00cpe:2.3:o:huawei:tp3106_firmware:v100r002c00:*:*:*:*:*:*:*
huaweitp3106-cpe:2.3:h:huawei:tp3106:-:*:*:*:*:*:*:*
huaweiespace_u1981_firmwarev200r003c30spc100cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c30spc100:*:*:*:*:*:*:*
huaweiespace_u1981-cpe:2.3:h:huawei:espace_u1981:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	dp300_firmware	v500r002c00	cpe:2.3:o:huawei:dp300_firmware:v500r002c00:::::::*
huawei	dp300	-	cpe:2.3:h:huawei:dp300:-:::::::*
huawei	te60_firmware	v600r006c00	cpe:2.3:o:huawei:te60_firmware:v600r006c00:::::::*
huawei	te60	-	cpe:2.3:h:huawei:te60:-:::::::*
huawei	tp3106_firmware	v100r002c00	cpe:2.3:o:huawei:tp3106_firmware:v100r002c00:::::::*
huawei	tp3106	-	cpe:2.3:h:huawei:tp3106:-:::::::*
huawei	espace_u1981_firmware	v200r003c30spc100	cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c30spc100:::::::*
huawei	espace_u1981	-	cpe:2.3:h:huawei:espace_u1981:-:::::::*

CNA Affected

[
  {
    "product": "DP300,TE60,TP3106,eSpace U1981",
    "vendor": "Huawei Technologies Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "DP300 V500R002C00, TE60 V600R006C00, TP3106 V100R002C00, eSpace U1981 V200R003C30SPC100"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-ssl-en

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

59.1%

JSON

Related for CVE-2017-15342