Lucene search

K
cve[email protected]CVE-2017-17141
HistoryMar 05, 2018 - 7:29 p.m.

CVE-2017-17141

2018-03-0519:29:00
CWE-772
web.nvd.nist.gov
27
huawei
cve-2017-17141
vulnerability
memory leak
mpls
service ping
nvd

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

4.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

39.8%

Huawei S12700 V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R007C20; V200R008C00; V200R009C00;S1700 V200R006C10; V200R009C00;S2700 V100R006C03; V200R003C00; V200R005C00; V200R006C00; V200R006C10; V200R007C00; V200R007C00B050; V200R007C00SPC009T; V200R007C00SPC019T; V200R008C00; V200R009C00;S3700 V100R006C03;S5700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R003C02; V200R005C00; V200R005C01; V200R005C02; V200R005C03; V200R006C00; V200R007C00; V200R008C00; V200R009C00;S6700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R005C01; V200R005C02; V200R008C00; V200R009C00;S7700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R006C01; V200R007C00; V200R007C01; V200R008C00; V200R008C06; V200R009C00;S9700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R008C00; V200R009C00 have a memory leak vulnerability. In some specific conditions, if attackers send specific malformed MPLS Service PING messages to the affected products, products do not release the memory when handling the packets. So successful exploit will result in memory leak of the affected products.

Affected configurations

NVD
Node
huaweis12700_firmwareMatchv200r005c00
OR
huaweis12700_firmwareMatchv200r006c00
OR
huaweis12700_firmwareMatchv200r007c00
OR
huaweis12700_firmwareMatchv200r007c01
OR
huaweis12700_firmwareMatchv200r007c20
OR
huaweis12700_firmwareMatchv200r008c00
OR
huaweis12700_firmwareMatchv200r009c00
AND
huaweis12700Match-
Node
huaweis1700_firmwareMatchv200r006c10
OR
huaweis1700_firmwareMatchv200r009c00
AND
huaweis1700Match-
Node
huaweis2700_firmwareMatchv100r006c03
OR
huaweis2700_firmwareMatchv200r003c00
OR
huaweis2700_firmwareMatchv200r005c00
OR
huaweis2700_firmwareMatchv200r006c00
OR
huaweis2700_firmwareMatchv200r006c10
OR
huaweis2700_firmwareMatchv200r007c00
OR
huaweis2700_firmwareMatchv200r007c00b050
OR
huaweis2700_firmwareMatchv200r007c00spc009t
OR
huaweis2700_firmwareMatchv200r007c00spc019t
OR
huaweis2700_firmwareMatchv200r008c00
OR
huaweis2700_firmwareMatchv200r009c00
AND
huaweis2700Match-
Node
huaweis3700_firmwareMatchv100r006c03
AND
huaweis3700Match-
Node
huaweis5700_firmwareMatchv200r001c00
OR
huaweis5700_firmwareMatchv200r001c01
OR
huaweis5700_firmwareMatchv200r002c00
OR
huaweis5700_firmwareMatchv200r003c00
OR
huaweis5700_firmwareMatchv200r003c02
OR
huaweis5700_firmwareMatchv200r005c00
OR
huaweis5700_firmwareMatchv200r005c01
OR
huaweis5700_firmwareMatchv200r005c02
OR
huaweis5700_firmwareMatchv200r005c03
OR
huaweis5700_firmwareMatchv200r006c00
OR
huaweis5700_firmwareMatchv200r007c00
OR
huaweis5700_firmwareMatchv200r008c00
OR
huaweis5700_firmwareMatchv200r009c00
AND
huaweis5700Match-
Node
huaweis6700_firmwareMatchv200r001c00
OR
huaweis6700_firmwareMatchv200r001c01
OR
huaweis6700_firmwareMatchv200r002c00
OR
huaweis6700_firmwareMatchv200r003c00
OR
huaweis6700_firmwareMatchv200r005c00
OR
huaweis6700_firmwareMatchv200r005c01
OR
huaweis6700_firmwareMatchv200r005c02
OR
huaweis6700_firmwareMatchv200r008c00
OR
huaweis6700_firmwareMatchv200r009c00
AND
huaweis6700Match-
Node
huaweis7700_firmwareMatchv200r001c00
OR
huaweis7700_firmwareMatchv200r001c01
OR
huaweis7700_firmwareMatchv200r002c00
OR
huaweis7700_firmwareMatchv200r003c00
OR
huaweis7700_firmwareMatchv200r005c00
OR
huaweis7700_firmwareMatchv200r006c00
OR
huaweis7700_firmwareMatchv200r006c01
OR
huaweis7700_firmwareMatchv200r007c00
OR
huaweis7700_firmwareMatchv200r007c01
OR
huaweis7700_firmwareMatchv200r008c00
OR
huaweis7700_firmwareMatchv200r008c06
OR
huaweis7700_firmwareMatchv200r009c00
AND
huaweis7700Match-
Node
huaweis9700_firmwareMatchv200r001c00
OR
huaweis9700_firmwareMatchv200r001c01
OR
huaweis9700_firmwareMatchv200r002c00
OR
huaweis9700_firmwareMatchv200r003c00
OR
huaweis9700_firmwareMatchv200r005c00
OR
huaweis9700_firmwareMatchv200r006c00
OR
huaweis9700_firmwareMatchv200r007c00
OR
huaweis9700_firmwareMatchv200r007c01
OR
huaweis9700_firmwareMatchv200r008c00
OR
huaweis9700_firmwareMatchv200r009c00
AND
huaweis9700Match-

CNA Affected

[
  {
    "product": "S12700; S1700; S2700; S3700; S5700; S6700; S7700; S9700",
    "vendor": "Huawei Technologies Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "S12700 V200R005C00"
      },
      {
        "status": "affected",
        "version": "V200R006C00"
      },
      {
        "status": "affected",
        "version": "V200R007C00"
      },
      {
        "status": "affected",
        "version": "V200R007C01"
      },
      {
        "status": "affected",
        "version": "V200R007C20"
      },
      {
        "status": "affected",
        "version": "V200R008C00"
      },
      {
        "status": "affected",
        "version": "V200R009C00"
      },
      {
        "status": "affected",
        "version": "S1700 V200R006C10"
      },
      {
        "status": "affected",
        "version": "S2700 V100R006C03"
      },
      {
        "status": "affected",
        "version": "V200R003C00"
      },
      {
        "status": "affected",
        "version": "V200R005C00"
      },
      {
        "status": "affected",
        "version": "V200R006C10"
      },
      {
        "status": "affected",
        "version": "V200R007C00B050"
      },
      {
        "status": "affected",
        "version": "V200R007C00SPC009T"
      },
      {
        "status": "affected",
        "version": "V200R007C00SPC019T"
      },
      {
        "status": "affected",
        "version": "S3700 V100R006C03"
      },
      {
        "status": "affected",
        "version": "S5700 V200R001C00"
      },
      {
        "status": "affected",
        "version": "V200R001C01"
      },
      {
        "status": "affected",
        "version": "V200R002C00"
      },
      {
        "status": "affected",
        "version": "V200R003C02"
      },
      {
        "status": "affected",
        "version": "V200R005C01"
      },
      {
        "status": "affected",
        "version": "V200R005C02"
      },
      {
        "status": "affected",
        "version": "V200R005C03"
      },
      {
        "status": "affected",
        "version": "S6700 V200R001C00"
      },
      {
        "status": "affected",
        "version": "S7700 V200R001C00"
      },
      {
        "status": "affected",
        "version": "V200R006C01"
      },
      {
        "status": "affected",
        "version": "V200R008C06"
      },
      {
        "status": "affected",
        "version": "S9700 V200R001C00"
      }
    ]
  }
]

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

4.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

39.8%

Related for CVE-2017-17141