Lucene search

[email protected]CVE-2017-17250

HistoryMar 09, 2018 - 5:29 p.m.

CVE-2017-17250

2018-03-0917:29:00

CWE-787

[email protected]

web.nvd.nist.gov

huawei

ar120-s

ar1200

ar150

ar160

ar200

ar2200-s

ar3200

ar510

netengine16ex

srg1300

srg2300

srg3300

ospf

vulnerability

remote exploit

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.002 Low

EPSS

Percentile

61.5%

JSON

Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; AR150 V200R005C32; AR150-S V200R005C32; AR160 V200R005C32; AR200 V200R005C32; AR200-S V200R005C32; AR2200-S V200R005C32; AR3200 V200R005C32; V200R007C00; AR510 V200R005C32; NetEngine16EX V200R005C32; SRG1300 V200R005C32; SRG2300 V200R005C32; SRG3300 V200R005C32 have an out-of-bounds write vulnerability. When a user executes a query command after the device received an abnormal OSPF message, the software writes data past the end of the intended buffer due to the insufficient verification of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending abnormal OSPF messages to the device. A successful exploit could cause the system to crash.

CPENameOperatorVersion
huawei:ar120-s_firmwarehuawei ar120-s firmwareeqv200r005c32
huawei:ar1200_firmwarehuawei ar1200 firmwareeqv200r005c32
huawei:ar1200-s_firmwarehuawei ar1200-s firmwareeqv200r005c32
huawei:ar150_firmwarehuawei ar150 firmwareeqv200r005c32
huawei:ar160_firmwarehuawei ar160 firmwareeqv200r005c32
huawei:ar200_firmwarehuawei ar200 firmwareeqv200r005c32
huawei:ar200-s_firmwarehuawei ar200-s firmwareeqv200r005c32
huawei:ar150-s_firmwarehuawei ar150-s firmwareeqv200r005c32
huawei:ar2200-s_firmwarehuawei ar2200-s firmwareeqv200r005c32
huawei:ar3200_firmwarehuawei ar3200 firmwareeqv200r005c32

CPE	Name	Operator	Version
huawei:ar120-s_firmware	huawei ar120-s firmware	eq	v200r005c32
huawei:ar1200_firmware	huawei ar1200 firmware	eq	v200r005c32
huawei:ar1200-s_firmware	huawei ar1200-s firmware	eq	v200r005c32
huawei:ar150_firmware	huawei ar150 firmware	eq	v200r005c32
huawei:ar160_firmware	huawei ar160 firmware	eq	v200r005c32
huawei:ar200_firmware	huawei ar200 firmware	eq	v200r005c32
huawei:ar200-s_firmware	huawei ar200-s firmware	eq	v200r005c32
huawei:ar150-s_firmware	huawei ar150-s firmware	eq	v200r005c32
huawei:ar2200-s_firmware	huawei ar2200-s firmware	eq	v200r005c32
huawei:ar3200_firmware	huawei ar3200 firmware	eq	v200r005c32

Rows per page:

1-10 of 301

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20180214-01-ospf-en

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.002 Low

EPSS

Percentile

61.5%

JSON

Related for CVE-2017-17250

openvas1 prion1 cvelist1 huawei1