Lucene search

K
cve[email protected]CVE-2017-2722
HistoryNov 22, 2017 - 7:29 p.m.

CVE-2017-2722

2017-11-2219:29:01
CWE-20
web.nvd.nist.gov
20
cve-2017-2722
input validation vulnerability
huawei devices
denial of service
arbitrary code execution
nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.7%

DP300 V500R002C00,TE60 with software V100R001C01, V100R001C10, V100R003C00, V500R002C00 and V600R006C00,TP3106 with software V100R001C06 and V100R002C00,ViewPoint 9030 with software V100R011C02, V100R011C03,eCNS210_TD with software V100R004C10,eSpace 7950 with software V200R003C00 and V200R003C30,eSpace IAD with software V300R001C07SPCa00 and V300R002C01SPCb00,eSpace U1981 with software V100R001C20, V100R001C30, V200R003C00, V200R003C20 and V200R003C30 have an input validation vulnerability.A remote attacker may exploit this vulnerability by crafting a malformed packet and sending it to the device. A successful exploit could allow the attacker to cause a denial of service or execute arbitrary code.

Affected configurations

NVD
Node
huaweidp300Match-
AND
huaweidp300_firmwareMatchv500r002c00
Node
huaweite60Match-
AND
huaweite60_firmwareMatchv100r001c01
OR
huaweite60_firmwareMatchv100r001c10
OR
huaweite60_firmwareMatchv100r003c00
OR
huaweite60_firmwareMatchv500r002c00
OR
huaweite60_firmwareMatchv600r006c00
Node
huaweitp3106Match-
AND
huaweitp3106_firmwareMatchv100r001c06
OR
huaweitp3106_firmwareMatchv100r002c00
Node
huaweiviewpoint_9030Match-
AND
huaweiviewpoint_9030_firmwareMatchv100r011c02
OR
huaweiviewpoint_9030_firmwareMatchv100r011c03
Node
huaweiecns210_tdMatch-
AND
huaweiecns210_td_firmwareMatchv100r004c10
Node
huaweiespace_7950Match-
AND
huaweiespace_7950_firmwareMatchv200r003c00
OR
huaweiespace_7950_firmwareMatchv200r003c30
Node
huaweiespace_iadMatch-
AND
huaweiespace_iad_firmwareMatchv300r001c07spca00
OR
huaweiespace_iad_firmwareMatchv300r002c01spcb00
Node
huaweiespace_u1981Match-
AND
huaweiespace_u1981_firmwareMatchv100r001c20
OR
huaweiespace_u1981_firmwareMatchv100r001c30
OR
huaweiespace_u1981_firmwareMatchv200r003c00
OR
huaweiespace_u1981_firmwareMatchv200r003c20
OR
huaweiespace_u1981_firmwareMatchv200r003c30

CNA Affected

[
  {
    "product": "DP300,TE60,TP3106,ViewPoint 9030,eCNS210_TD,eSpace 7950,eSpace IAD,eSpace U1981",
    "vendor": "Huawei Technologies Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "DP300 V500R002C00,TE60 with software V100R001C01, V100R001C10, V100R003C00, V500R002C00 and V600R006C00,TP3106 with software V100R001C06 and V100R002C00,ViewPoint 9030 with software V100R011C02, V100R011C03,eCNS210_TD with software V100R004C10,eSpace 7950 with software V200R003C00 and V200R003C30,eSpace IAD with software V300R001C07SPCa00 and V300R002C01SPCb00,eSpace U1981 with software V100R001C20, V100R001C30, V200R003C00, V200R003C20 and V200R003C30"
      }
    ]
  }
]

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.7%

Related for CVE-2017-2722