Lucene search

[email protected]CVE-2017-17136

HistoryMar 05, 2018 - 7:29 p.m.

CVE-2017-17136

2018-03-0519:29:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2017-17136

huawei

dp300

ips module

ngfw module

nip6300

nip6600

rp200

s12700

s1700

s2700

s5700

s6700

s7700

s9700

secospace usg6300

secospace usg6500

secospace usg6600

te30

te40

te50

te60

tp3106

tp3206

usg9500

viewpoint 9030

heap overflow

vulnerability

denial of service

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a heap overflow vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service.

Affected configurations

NVD

Node

huaweidp300_firmwareMatchv500r002c00

AND

huaweidp300Match-

Node

huaweiips_module_firmwareMatchv500r001c00

huaweiips_module_firmwareMatchv500r001c30

AND

huaweiips_moduleMatch-

Node

huaweingfw_module_firmwareMatchv500r001c00

huaweingfw_module_firmwareMatchv500r002c00

AND

huaweingfw_moduleMatch-

Node

huaweinip6300_firmwareMatchv500r001c00

huaweinip6300_firmwareMatchv500r001c30

AND

huaweinip6300Match-

Node

huaweinip6600_firmwareMatchv500r001c00

huaweinip6600_firmwareMatchv500r001c30

AND

huaweinip6600Match-

Node

huaweirp200_firmwareMatchv500r002c00

huaweirp200_firmwareMatchv600r006c00

AND

huaweirp200Match-

Node

huaweis12700_firmwareMatchv200r007c00

huaweis12700_firmwareMatchv200r007c01

huaweis12700_firmwareMatchv200r008c00

huaweis12700_firmwareMatchv200r009c00

huaweis12700_firmwareMatchv200r010c00

AND

huaweis12700Match-

Node

huaweis1700_firmwareMatchv200r006c10

huaweis1700_firmwareMatchv200r009c00

huaweis1700_firmwareMatchv200r010c00

AND

huaweis1700Match-

Node

huaweis2700_firmwareMatchv200r006c10

huaweis2700_firmwareMatchv200r007c00

huaweis2700_firmwareMatchv200r008c00

huaweis2700_firmwareMatchv200r009c00

huaweis2700_firmwareMatchv200r010c00

AND

huaweis2700Match-

Node

huaweis5700_firmwareMatchv200r006c00

huaweis5700_firmwareMatchv200r007c00

huaweis5700_firmwareMatchv200r008c00

huaweis5700_firmwareMatchv200r009c00

huaweis5700_firmwareMatchv200r010c00

AND

huaweis5700Match-

Node

huaweis6700_firmwareMatchv200r008c00

huaweis6700_firmwareMatchv200r009c00

huaweis6700_firmwareMatchv200r010c00

AND

huaweis6700Match-

Node

huaweis7700_firmwareMatchv200r007c00

huaweis7700_firmwareMatchv200r008c00

huaweis7700_firmwareMatchv200r009c00

huaweis7700_firmwareMatchv200r010c00

AND

huaweis7700Match-

Node

huaweis9700_firmwareMatchv200r007c00

huaweis9700_firmwareMatchv200r007c01

huaweis9700_firmwareMatchv200r008c00

huaweis9700_firmwareMatchv200r009c00

huaweis9700_firmwareMatchv200r010c00

AND

huaweis9700Match-

Node

huaweisecospace_usg6300_firmwareMatchv500r001c00

huaweisecospace_usg6300_firmwareMatchv500r001c30

AND

huaweisecospace_usg6300Match-

Node

huaweisecospace_usg6500_firmwareMatchv500r001c00

huaweisecospace_usg6500_firmwareMatchv500r001c30

AND

huaweisecospace_usg6500Match-

Node

huaweisecospace_usg6600_firmwareMatchv500r001c00

huaweisecospace_usg6600_firmwareMatchv500r001c30s

AND

huaweisecospace_usg6600Match-

Node

huaweite30_firmwareMatchv100r001c02

huaweite30_firmwareMatchv100r001c10

huaweite30_firmwareMatchv500r002c00

huaweite30_firmwareMatchv600r006c00

AND

huaweite30Match-

Node

huaweite40_firmwareMatchv500r002c00

huaweite40_firmwareMatchv600r006c00

AND

huaweite40Match-

Node

huaweite50_firmwareMatchv500r002c00

huaweite50_firmwareMatchv600r006c00

AND

huaweite50Match-

Node

huaweite60_firmwareMatchv100r001c02

huaweite60_firmwareMatchv100r001c10

huaweite60_firmwareMatchv500r002c00

huaweite60_firmwareMatchv600r006c00

AND

huaweite60Match-

Node

huaweitp3106_firmwareMatchv100r002c00

AND

huaweitp3106Match-

Node

huaweitp3206_firmwareMatchv100r002c00

huaweitp3206_firmwareMatchv100r002c10

AND

huaweitp3206Match-

Node

huaweiusg9500_firmwareMatchv500r001c00

huaweiusg9500_firmwareMatchv500r001c30

AND

huaweiusg9500Match-

Node

huaweiviewpoint_9030_firmwareMatchv100r011c02

huaweiviewpoint_9030_firmwareMatchv100r011c03

AND

huaweiviewpoint_9030Match-

CPENameOperatorVersion
huawei:dp300_firmwarehuawei dp300 firmwareeqv500r002c00

CPE	Name	Operator	Version
huawei:dp300_firmware	huawei dp300 firmware	eq	v500r002c00

CNA Affected

[
  {
    "product": "DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030",
    "vendor": "Huawei Technologies Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "DP300 V500R002C00"
      },
      {
        "status": "affected",
        "version": "IPS Module V500R001C00"
      },
      {
        "status": "affected",
        "version": "V500R001C30"
      },
      {
        "status": "affected",
        "version": "NGFW Module V500R001C00"
      },
      {
        "status": "affected",
        "version": "V500R002C00"
      },
      {
        "status": "affected",
        "version": "NIP6300 V500R001C00"
      },
      {
        "status": "affected",
        "version": "NIP6600 V500R001C00"
      },
      {
        "status": "affected",
        "version": "RP200 V500R002C00"
      },
      {
        "status": "affected",
        "version": "V600R006C00"
      },
      {
        "status": "affected",
        "version": "S12700 V200R007C00"
      },
      {
        "status": "affected",
        "version": "V200R007C01"
      },
      {
        "status": "affected",
        "version": "V200R008C00"
      },
      {
        "status": "affected",
        "version": "V200R009C00"
      },
      {
        "status": "affected",
        "version": "V200R010C00"
      },
      {
        "status": "affected",
        "version": "S1700 V200R006C10"
      },
      {
        "status": "affected",
        "version": "S2700 V200R006C10"
      },
      {
        "status": "affected",
        "version": "V200R007C00"
      },
      {
        "status": "affected",
        "version": "S5700 V200R006C00"
      },
      {
        "status": "affected",
        "version": "S6700 V200R008C00"
      },
      {
        "status": "affected",
        "version": "S7700 V200R007C00"
      },
      {
        "status": "affected",
        "version": "S9700 V200R007C00"
      },
      {
        "status": "affected",
        "version": "Secospace USG6300 V500R001C00"
      },
      {
        "status": "affected",
        "version": "Secospace USG6500 V500R001C00"
      },
      {
        "status": "affected",
        "version": "Secospace USG6600 V500R001C00"
      },
      {
        "status": "affected",
        "version": "V500R001C30S"
      },
      {
        "status": "affected",
        "version": "TE30 V100R001C02"
      },
      {
        "status": "affected",
        "version": "V100R001C10"
      },
      {
        "status": "affected",
        "version": "TE40 V500R002C00"
      },
      {
        "status": "affected",
        "version": "TE50 V500R002C00"
      },
      {
        "status": "affected",
        "version": "TE60 V100R001C01"
      },
      {
        "status": "affected",
        "version": "TP3106 V100R002C00"
      },
      {
        "status": "affected",
        "version": "TP3206 V100R002C00"
      },
      {
        "status": "affected",
        "version": "V100R002C10"
      },
      {
        "status": "affected",
        "version": "USG9500 V500R001C00"
      },
      {
        "status": "affected",
        "version": "ViewPoint 9030 V100R011C02"
      },
      {
        "status": "affected",
        "version": "V100R011C03"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2017-17136

prion1 cvelist1 nvd1 openvas1 huawei1