Lucene search

HuaweiCVE-2017-17304

HistoryMar 09, 2018 - 5:29 p.m.

CVE-2017-17304

2018-03-0917:29:01

CWE-20

huawei

web.nvd.nist.gov

cidam protocol

huawei products

input validation vulnerabilities

remote attack

cve-2017-17304

nvd

security vulnerability

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

AI Score

6.4

Confidence

High

EPSS

0.002

Percentile

53.9%

JSON

The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. Affected Huawei Products are: DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00; RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; eSpace U1981 version V200R003C20SPC900.

Affected configurations

Nvd

Vulners

Node

huaweidp300_firmwareMatchv500r002c00

huaweidp300_firmwareMatchv500r002c00b010

huaweidp300_firmwareMatchv500r002c00b011

huaweidp300_firmwareMatchv500r002c00b012

huaweidp300_firmwareMatchv500r002c00b013

huaweidp300_firmwareMatchv500r002c00b014

huaweidp300_firmwareMatchv500r002c00b017

huaweidp300_firmwareMatchv500r002c00b018

huaweidp300_firmwareMatchv500r002c00spc100

huaweidp300_firmwareMatchv500r002c00spc200

huaweidp300_firmwareMatchv500r002c00spc300

huaweidp300_firmwareMatchv500r002c00spc400

huaweidp300_firmwareMatchv500r002c00spc500

huaweidp300_firmwareMatchv500r002c00spc600

huaweidp300_firmwareMatchv500r002c00spc800

huaweidp300_firmwareMatchv500r002c00spc900

huaweidp300_firmwareMatchv500r002c00spca00

AND

huaweidp300Match-

VendorProductVersionCPE
huaweidp300_firmwarev500r002c00cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*
huaweidp300_firmwarev500r002c00b010cpe:2.3:o:huawei:dp300_firmware:v500r002c00b010:*:*:*:*:*:*:*
huaweidp300_firmwarev500r002c00b011cpe:2.3:o:huawei:dp300_firmware:v500r002c00b011:*:*:*:*:*:*:*
huaweidp300_firmwarev500r002c00b012cpe:2.3:o:huawei:dp300_firmware:v500r002c00b012:*:*:*:*:*:*:*
huaweidp300_firmwarev500r002c00b013cpe:2.3:o:huawei:dp300_firmware:v500r002c00b013:*:*:*:*:*:*:*
huaweidp300_firmwarev500r002c00b014cpe:2.3:o:huawei:dp300_firmware:v500r002c00b014:*:*:*:*:*:*:*
huaweidp300_firmwarev500r002c00b017cpe:2.3:o:huawei:dp300_firmware:v500r002c00b017:*:*:*:*:*:*:*
huaweidp300_firmwarev500r002c00b018cpe:2.3:o:huawei:dp300_firmware:v500r002c00b018:*:*:*:*:*:*:*
huaweidp300_firmwarev500r002c00spc100cpe:2.3:o:huawei:dp300_firmware:v500r002c00spc100:*:*:*:*:*:*:*
huaweidp300_firmwarev500r002c00spc200cpe:2.3:o:huawei:dp300_firmware:v500r002c00spc200:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	dp300_firmware	v500r002c00	cpe:2.3:o:huawei:dp300_firmware:v500r002c00:::::::*
huawei	dp300_firmware	v500r002c00b010	cpe:2.3:o:huawei:dp300_firmware:v500r002c00b010:::::::*
huawei	dp300_firmware	v500r002c00b011	cpe:2.3:o:huawei:dp300_firmware:v500r002c00b011:::::::*
huawei	dp300_firmware	v500r002c00b012	cpe:2.3:o:huawei:dp300_firmware:v500r002c00b012:::::::*
huawei	dp300_firmware	v500r002c00b013	cpe:2.3:o:huawei:dp300_firmware:v500r002c00b013:::::::*
huawei	dp300_firmware	v500r002c00b014	cpe:2.3:o:huawei:dp300_firmware:v500r002c00b014:::::::*
huawei	dp300_firmware	v500r002c00b017	cpe:2.3:o:huawei:dp300_firmware:v500r002c00b017:::::::*
huawei	dp300_firmware	v500r002c00b018	cpe:2.3:o:huawei:dp300_firmware:v500r002c00b018:::::::*
huawei	dp300_firmware	v500r002c00spc100	cpe:2.3:o:huawei:dp300_firmware:v500r002c00spc100:::::::*
huawei	dp300_firmware	v500r002c00spc200	cpe:2.3:o:huawei:dp300_firmware:v500r002c00spc200:::::::*

Rows per page:

1-10 of 181

CNA Affected

[
  {
    "product": "DP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "V500R002C00"
      },
      {
        "status": "affected",
        "version": "V500R002C00B010"
      },
      {
        "status": "affected",
        "version": "V500R002C00B011"
      },
      {
        "status": "affected",
        "version": "V500R002C00B012"
      },
      {
        "status": "affected",
        "version": "V500R002C00B013"
      },
      {
        "status": "affected",
        "version": "V500R002C00B014"
      },
      {
        "status": "affected",
        "version": "V500R002C00B017"
      },
      {
        "status": "affected",
        "version": "V500R002C00B018"
      },
      {
        "status": "affected",
        "version": "V500R002C00SPC100"
      },
      {
        "status": "affected",
        "version": "V500R002C00SPC200"
      },
      {
        "status": "affected",
        "version": "V500R002C00SPC300"
      },
      {
        "status": "affected",
        "version": "V500R002C00SPC400"
      },
      {
        "status": "affected",
        "version": "V500R002C00SPC500"
      },
      {
        "status": "affected",
        "version": "V500R002C00SPC600"
      },
      {
        "status": "affected",
        "version": "V500R002C00SPC800"
      },
      {
        "status": "affected",
        "version": "V500R002C00SPC900"
      },
      {
        "status": "affected",
        "version": "V500R002C00SPCa00"
      },
      {
        "status": "affected",
        "version": "V600R006C00"
      },
      {
        "status": "affected",
        "version": "V600R006C00SPC200"
      },
      {
        "status": "affected",
        "version": "V600R006C00SPC300"
      },
      {
        "status": "affected",
        "version": "V600R006C00SPC400"
      },
      {
        "status": "affected",
        "version": "V600R006C00SPC500"
      },
      {
        "status": "affected",
        "version": "V100R001C10SPC300"
      },
      {
        "status": "affected",
        "version": "V100R001C10SPC500"
      },
      {
        "status": "affected",
        "version": "V100R001C10SPC600"
      },
      {
        "status": "affected",
        "version": "V100R001C10SPC700B010"
      },
      {
        "status": "affected",
        "version": "V500R002C00SPC700"
      },
      {
        "status": "affected",
        "version": "V500R002C00SPCb00"
      },
      {
        "status": "affected",
        "version": "V100R001C10"
      },
      {
        "status": "affected",
        "version": "V100R001C10B001"
      },
      {
        "status": "affected",
        "version": "V100R001C10B002"
      },
      {
        "status": "affected",
        "version": "V100R001C10B010"
      },
      {
        "status": "affected",
        "version": "V100R001C10B011"
      },
      {
        "status": "affected",
        "version": "V100R001C10B012"
      },
      {
        "status": "affected",
        "version": "V100R001C10B013"
      },
      {
        "status": "affected",
        "version": "V100R001C10B014"
      },
      {
        "status": "affected",
        "version": "V100R001C10B016"
      },
      {
        "status": "affected",
        "version": "V100R001C10B017"
      },
      {
        "status": "affected",
        "version": "V100R001C10B018"
      },
      {
        "status": "affected",
        "version": "V100R001C10B019"
      },
      {
        "status": "affected",
        "version": "V100R001C10SPC400"
      },
      {
        "status": "affected",
        "version": "V100R001C10SPC700"
      },
      {
        "status": "affected",
        "version": "V100R001C10SPC800B011"
      },
      {
        "status": "affected",
        "version": "V100R001C10SPC900"
      },
      {
        "status": "affected",
        "version": "V500R002C00SPCd00"
      },
      {
        "status": "affected",
        "version": "V500R002C00SPCe00"
      },
      {
        "status": "affected",
        "version": "V600R006C00SPC100"
      },
      {
        "status": "affected",
        "version": "V200R003C20SPC900"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

AI Score

6.4

Confidence

High

EPSS

0.002

Percentile

53.9%

JSON

Related for CVE-2017-17304