Lucene search

K
cveHuaweiCVE-2017-17138
HistoryMar 05, 2018 - 7:29 p.m.

CVE-2017-17138

2018-03-0519:29:00
CWE-20
huawei
web.nvd.nist.gov
30
cve-2017-17138
dos
vulnerability
huawei
pem module
dp300
ips module
ngfw module
nip6300
nip6600
rp200
s12700
s1700
s2700
s5700
s6700
s7700
s9700
secospace usg6300
secospace usg6500
secospace usg6600
te30
te40
te50
te60
tp3106
tp3206
usg9500
viewpoint 9030
nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.2

Confidence

High

EPSS

0

Percentile

5.1%

PEM module of DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a DoS vulnerability in PEM module of Huawei products due to insufficient verification. An authenticated local attacker can make processing into deadloop by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service.

Affected configurations

Nvd
Vulners
Node
huaweidp300_firmwareMatchv500r002c00
AND
huaweidp300Match-
Node
huaweiips_module_firmwareMatchv500r001c00
OR
huaweiips_module_firmwareMatchv500r001c30
AND
huaweiips_moduleMatch-
Node
huaweingfw_module_firmwareMatchv500r001c00
OR
huaweingfw_module_firmwareMatchv500r002c00
AND
huaweingfw_moduleMatch-
Node
huaweinip6300_firmwareMatchv500r001c00
OR
huaweinip6300_firmwareMatchv500r001c30
AND
huaweinip6300Match-
Node
huaweinip6600_firmwareMatchv500r001c00
OR
huaweinip6600_firmwareMatchv500r001c30
AND
huaweinip6600Match-
Node
huaweirp200_firmwareMatchv500r002c00
OR
huaweirp200_firmwareMatchv600r006c00
AND
huaweirp200Match-
Node
huaweis12700_firmwareMatchv200r007c00
OR
huaweis12700_firmwareMatchv200r007c01
OR
huaweis12700_firmwareMatchv200r008c00
OR
huaweis12700_firmwareMatchv200r009c00
OR
huaweis12700_firmwareMatchv200r010c00
AND
huaweis12700Match-
Node
huaweis1700_firmwareMatchv200r006c10
OR
huaweis1700_firmwareMatchv200r009c00
OR
huaweis1700_firmwareMatchv200r010c00
AND
huaweis1700Match-
Node
huaweis2700_firmwareMatchv200r006c10
OR
huaweis2700_firmwareMatchv200r007c00
OR
huaweis2700_firmwareMatchv200r008c00
OR
huaweis2700_firmwareMatchv200r009c00
OR
huaweis2700_firmwareMatchv200r010c00
AND
huaweis2700Match-
Node
huaweis5700_firmwareMatchv200r006c00
OR
huaweis5700_firmwareMatchv200r007c00
OR
huaweis5700_firmwareMatchv200r008c00
OR
huaweis5700_firmwareMatchv200r009c00
OR
huaweis5700_firmwareMatchv200r010c00
AND
huaweis5700Match-
Node
huaweis6700_firmwareMatchv200r008c00
OR
huaweis6700_firmwareMatchv200r009c00
OR
huaweis6700_firmwareMatchv200r010c00
AND
huaweis6700Match-
Node
huaweis7700_firmwareMatchv200r007c00
OR
huaweis7700_firmwareMatchv200r008c00
OR
huaweis7700_firmwareMatchv200r009c00
OR
huaweis7700_firmwareMatchv200r010c00
AND
huaweis7700Match-
Node
huaweis9700_firmwareMatchv200r007c00
OR
huaweis9700_firmwareMatchv200r007c01
OR
huaweis9700_firmwareMatchv200r008c00
OR
huaweis9700_firmwareMatchv200r009c00
OR
huaweis9700_firmwareMatchv200r010c00
AND
huaweis9700Match-
Node
huaweisecospace_usg6300_firmwareMatchv500r001c00
OR
huaweisecospace_usg6300_firmwareMatchv500r001c30
AND
huaweisecospace_usg6300Match-
Node
huaweisecospace_usg6500_firmwareMatchv500r001c00
OR
huaweisecospace_usg6500_firmwareMatchv500r001c30
AND
huaweisecospace_usg6500Match-
Node
huaweisecospace_usg6600_firmwareMatchv500r001c00
OR
huaweisecospace_usg6600_firmwareMatchv500r001c30s
AND
huaweisecospace_usg6600Match-
Node
huaweite30_firmwareMatchv100r001c02
OR
huaweite30_firmwareMatchv100r001c10
OR
huaweite30_firmwareMatchv500r002c00
OR
huaweite30_firmwareMatchv600r006c00
AND
huaweite30Match-
Node
huaweite40_firmwareMatchv500r002c00
OR
huaweite40_firmwareMatchv600r006c00
AND
huaweite40Match-
Node
huaweite50_firmwareMatchv500r002c00
OR
huaweite50_firmwareMatchv600r006c00
AND
huaweite50Match-
Node
huaweite60_firmwareMatchv100r001c02
OR
huaweite60_firmwareMatchv100r001c10
OR
huaweite60_firmwareMatchv500r002c00
OR
huaweite60_firmwareMatchv600r006c00
AND
huaweite60Match-
Node
huaweitp3106_firmwareMatchv100r002c00
AND
huaweitp3106Match-
Node
huaweitp3206_firmwareMatchv100r002c00
OR
huaweitp3206_firmwareMatchv100r002c10
AND
huaweitp3206Match-
Node
huaweiusg9500_firmwareMatchv500r001c00
OR
huaweiusg9500_firmwareMatchv500r001c30
AND
huaweiusg9500Match-
Node
huaweiviewpoint_9030_firmwareMatchv100r011c02
OR
huaweiviewpoint_9030_firmwareMatchv100r011c03
AND
huaweiviewpoint_9030Match-
VendorProductVersionCPE
huaweidp300_firmwarev500r002c00cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*
huaweidp300-cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*
huaweiips_module_firmwarev500r001c00cpe:2.3:o:huawei:ips_module_firmware:v500r001c00:*:*:*:*:*:*:*
huaweiips_module_firmwarev500r001c30cpe:2.3:o:huawei:ips_module_firmware:v500r001c30:*:*:*:*:*:*:*
huaweiips_module-cpe:2.3:h:huawei:ips_module:-:*:*:*:*:*:*:*
huaweingfw_module_firmwarev500r001c00cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c00:*:*:*:*:*:*:*
huaweingfw_module_firmwarev500r002c00cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c00:*:*:*:*:*:*:*
huaweingfw_module-cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:*
huaweinip6300_firmwarev500r001c00cpe:2.3:o:huawei:nip6300_firmware:v500r001c00:*:*:*:*:*:*:*
huaweinip6300_firmwarev500r001c30cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:*:*:*:*:*:*:*
Rows per page:
1-10 of 901

CNA Affected

[
  {
    "product": "DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030",
    "vendor": "Huawei Technologies Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "DP300 V500R002C00"
      },
      {
        "status": "affected",
        "version": "IPS Module V500R001C00"
      },
      {
        "status": "affected",
        "version": "V500R001C30"
      },
      {
        "status": "affected",
        "version": "NGFW Module V500R001C00"
      },
      {
        "status": "affected",
        "version": "V500R002C00"
      },
      {
        "status": "affected",
        "version": "NIP6300 V500R001C00"
      },
      {
        "status": "affected",
        "version": "NIP6600 V500R001C00"
      },
      {
        "status": "affected",
        "version": "RP200 V500R002C00"
      },
      {
        "status": "affected",
        "version": "V600R006C00"
      },
      {
        "status": "affected",
        "version": "S12700 V200R007C00"
      },
      {
        "status": "affected",
        "version": "V200R007C01"
      },
      {
        "status": "affected",
        "version": "V200R008C00"
      },
      {
        "status": "affected",
        "version": "V200R009C00"
      },
      {
        "status": "affected",
        "version": "V200R010C00"
      },
      {
        "status": "affected",
        "version": "S1700 V200R006C10"
      },
      {
        "status": "affected",
        "version": "S2700 V200R006C10"
      },
      {
        "status": "affected",
        "version": "V200R007C00"
      },
      {
        "status": "affected",
        "version": "S5700 V200R006C00"
      },
      {
        "status": "affected",
        "version": "S6700 V200R008C00"
      },
      {
        "status": "affected",
        "version": "S7700 V200R007C00"
      },
      {
        "status": "affected",
        "version": "S9700 V200R007C00"
      },
      {
        "status": "affected",
        "version": "Secospace USG6300 V500R001C00"
      },
      {
        "status": "affected",
        "version": "Secospace USG6500 V500R001C00"
      },
      {
        "status": "affected",
        "version": "Secospace USG6600 V500R001C00"
      },
      {
        "status": "affected",
        "version": "V500R001C30S"
      },
      {
        "status": "affected",
        "version": "TE30 V100R001C02"
      },
      {
        "status": "affected",
        "version": "V100R001C10"
      },
      {
        "status": "affected",
        "version": "TE40 V500R002C00"
      },
      {
        "status": "affected",
        "version": "TE50 V500R002C00"
      },
      {
        "status": "affected",
        "version": "TE60 V100R001C01"
      },
      {
        "status": "affected",
        "version": "TP3106 V100R002C00"
      },
      {
        "status": "affected",
        "version": "TP3206 V100R002C00"
      },
      {
        "status": "affected",
        "version": "V100R002C10"
      },
      {
        "status": "affected",
        "version": "USG9500 V500R001C00"
      },
      {
        "status": "affected",
        "version": "ViewPoint 9030 V100R011C02"
      },
      {
        "status": "affected",
        "version": "V100R011C03"
      }
    ]
  }
]

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.2

Confidence

High

EPSS

0

Percentile

5.1%

Related for CVE-2017-17138