Lucene search

K
cve[email protected]CVE-2017-17318
HistoryApr 30, 2018 - 2:29 p.m.

CVE-2017-17318

2018-04-3014:29:00
CWE-20
web.nvd.nist.gov
21
huawei
e5771h-937
dos vulnerability
cve-2017-17318
information security
nvd

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.1 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

25.6%

Huawei MBB (Mobile Broadband) products E5771h-937 with the versions before E5771h-937TCPU-V200R001B328D62SP00C1133 and the versions before E5771h-937TCPU-V200R001B329D05SP00C1308 have a Denial of Service (DoS) vulnerability. When an attacker accessing device sends special http request to device, the webserver process will try to apply too much memory which can cause the device to become unable to respond. An attacker can launch a DoS attack by exploiting this vulnerability.

Affected configurations

NVD
Node
huaweie5771h-937_firmwareRange<v200r001b329d05sp00c1308
AND
huaweie5771h-937Match-
Node
huaweie5771h-937_firmwareRange<v200r001b328d62sp00c1133
AND
huaweie5771h-937Match-

CNA Affected

[
  {
    "product": "E5771h-937",
    "vendor": "Huawei Technologies Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "E5771h-937, The versions before E5771h-937TCPU-V200R001B328D62SP00C1133 and The versions before E5771h-937TCPU-V200R001B329D05SP00C1308"
      }
    ]
  }
]

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.1 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

25.6%

Related for CVE-2017-17318