Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huaweiHuawei TechnologiesHUAWEI-SA-20171206-01-LICENSE
HistoryDec 06, 2017 - 12:00 a.m.

Security Advisory - Two Vulnerabilities of License Module in Some Huawei Products

2017-12-0600:00:00
Huawei Technologies
www.huawei.com
11

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

0.4%

JSON

There is a uncontrolled format string vulnerability when the license module of some Huawei products output the log information. An authenticated local attacker could exploit this vulnerability to cause a denial of service. (Vulnerability ID: HWPSIRT-2017-06138)

This vulnerability has been assigned a CVE ID: CVE-2017-17132.

There is a null pointer reference vulnerability in license module of some Huawei products due to insufficient verification. An authenticated local attacker could place a malicious license file into system, which cause memory null pointer accessing and related processing crash. The attacker can exploit this vulnerability to cause a denial of service. (Vulnerability ID: HWPSIRT-2017-09100)

This vulnerability has been assigned a CVE ID: CVE-2017-17133.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-license-en

Affected configurations

Vulners
Node
huaweivp9660Matchv500r002c10
CPENameOperatorVersion
vp9660eqV500R002C10

Related

openvas 1
prion 2
cve 2
cvelist 2
nvd 2
openvas
openvas
Huawei Data Communication: Two Vulnerabilities of License Module in Some Huawei Products (huawei-sa-20171206-01-license)
2020-06-05 00:00:00
prion
prion
Format string
2018-03-05 19:29:00
Null pointer dereference
2018-03-05 19:29:00
cve
cve
CVE-2017-17132
2018-03-05 19:29:00
CVE-2017-17133
2018-03-05 19:29:00
cvelist
cvelist
CVE-2017-17132
2017-12-06 00:00:00
CVE-2017-17133
2017-12-06 00:00:00
nvd
nvd
CVE-2017-17132
2018-03-05 19:29:00
CVE-2017-17133
2018-03-05 19:29:00

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

0.4%

JSON
Related for HUAWEI-SA-20171206-01-LICENSE
openvas1prion2cve2cvelist2nvd2