Lucene search

[email protected]CVE-2017-17166

HistoryFeb 15, 2018 - 4:29 p.m.

CVE-2017-17166

2018-02-1516:29:00

CWE-400

[email protected]

web.nvd.nist.gov

huawei

v500r002

v500r001c00

resource exhaustion

vulnerability

h.323

nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.3 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

54.0%

JSON

Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, TP3206 V100R002C00, VP9660 V500R002C00, V500R002C10 have a resource exhaustion vulnerability. The software does not process certain field of H.323 message properly, a remote unauthenticated attacker could send crafted H.323 message to the device, successful exploit could cause certain service unavailable since the stack memory is exhausted.

CPENameOperatorVersion
huawei:dp300_firmwarehuawei dp300 firmwareeqv500r002c00
huawei:secospace_usg6300_firmwarehuawei secospace usg6300 firmwareeqv500r001c00
huawei:secospace_usg6300_firmwarehuawei secospace usg6300 firmwareeqv500r001c20
huawei:secospace_usg6300_firmwarehuawei secospace usg6300 firmwareeqv500r001c30
huawei:secospace_usg6300_firmwarehuawei secospace usg6300 firmwareeqv500r001c50
huawei:secospace_usg6500_firmwarehuawei secospace usg6500 firmwareeqv500r001c00
huawei:secospace_usg6500_firmwarehuawei secospace usg6500 firmwareeqv500r001c20
huawei:secospace_usg6500_firmwarehuawei secospace usg6500 firmwareeqv500r001c30
huawei:secospace_usg6500_firmwarehuawei secospace usg6500 firmwareeqv500r001c50
huawei:secospace_usg6600_firmwarehuawei secospace usg6600 firmwareeqv500r001c00

CPE	Name	Operator	Version
huawei:dp300_firmware	huawei dp300 firmware	eq	v500r002c00
huawei:secospace_usg6300_firmware	huawei secospace usg6300 firmware	eq	v500r001c00
huawei:secospace_usg6300_firmware	huawei secospace usg6300 firmware	eq	v500r001c20
huawei:secospace_usg6300_firmware	huawei secospace usg6300 firmware	eq	v500r001c30
huawei:secospace_usg6300_firmware	huawei secospace usg6300 firmware	eq	v500r001c50
huawei:secospace_usg6500_firmware	huawei secospace usg6500 firmware	eq	v500r001c00
huawei:secospace_usg6500_firmware	huawei secospace usg6500 firmware	eq	v500r001c20
huawei:secospace_usg6500_firmware	huawei secospace usg6500 firmware	eq	v500r001c30
huawei:secospace_usg6500_firmware	huawei secospace usg6500 firmware	eq	v500r001c50
huawei:secospace_usg6600_firmware	huawei secospace usg6600 firmware	eq	v500r001c00

Rows per page:

1-10 of 161

References

www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-02-h323-en

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.3 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

54.0%

JSON

Related for CVE-2017-17166

prion1 cvelist1 openvas1 huawei1