Lucene search

K
huaweiHuawei TechnologiesHUAWEI-SA-20171213-06-XML
HistoryDec 13, 2017 - 12:00 a.m.

Security Advisory - Multiple Vulnerabilities in Some Huawei Products

2017-12-1300:00:00
Huawei Technologies
www.huawei.com
11

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

5.1%

There is a memory leak vulnerability in some Huawei products. An authenticated, local attacker may craft a specific XML file to the affected products. Due to not free the memory to parse the XML file, successful exploit will result in memory leak of the affected products. (Vulnerability ID: HWPSIRT-2017-04156)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-17291.

There is a denial of service vulnerability in the specific module of some Huawei products. An authenticated, local attacker may craft a specific XML file to the affected products. Due to improper handling of input, successful exploit will cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-04157)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-17292.

There is a buffer overflow vulnerability in some Huawei products. An authenticated, local attacker may craft a specific XML file to the affected products. Due to insufficient input validation, successful exploit will cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-04158)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-17293.

There is a null pointer dereference vulnerability in some Huawei products. Due to insufficient input validation, an authenticated, local attacker may craft a specific XML file to the affected products to cause null pointer dereference. Successful exploit will cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-04169)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-17294.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-06-xml-en

Affected configurations

Vulners
Node
huaweiar120-sMatchV200R006C10
OR
huaweiar120-sMatchV200R007C00
OR
huaweiar120-sMatchV200R008C20
OR
huaweiar120-sMatchV200R008C30
OR
huaweiar1200MatchV200R006C10
OR
huaweiar1200MatchV200R006C13
OR
huaweiar1200MatchV200R007C00
OR
huaweiar1200MatchV200R007C01
OR
huaweiar1200MatchV200R007C02
OR
huaweiar1200MatchV200R008C20
OR
huaweiar1200MatchV200R008C30
OR
huaweiar1200-sMatchV200R006C10
OR
huaweiar1200-sMatchV200R007C00
OR
huaweiar1200-sMatchV200R008C20
OR
huaweiar1200-sMatchV200R008C30
OR
huaweiar150MatchV200R006C10
OR
huaweiar150MatchV200R007C00
OR
huaweiar150MatchV200R007C01
OR
huaweiar150MatchV200R007C02
OR
huaweiar150MatchV200R008C20
OR
huaweiar150MatchV200R008C30
OR
huaweiar150-sMatchV200R006C10
OR
huaweiar150-sMatchV200R007C00
OR
huaweiar150-sMatchV200R008C20
OR
huaweiar150-sMatchV200R008C30
OR
huaweiar160MatchV200R006C10
OR
huaweiar160MatchV200R006C12
OR
huaweiar160MatchV200R007C00
OR
huaweiar160MatchV200R007C01
OR
huaweiar160MatchV200R007C02
OR
huaweiar160MatchV200R008C20
OR
huaweiar160MatchV200R008C30
OR
huaweiar200MatchV200R006C10
OR
huaweiar200MatchV200R007C00
OR
huaweiar200MatchV200R007C01
OR
huaweiar200MatchV200R008C20
OR
huaweiar200MatchV200R008C30
OR
huaweiar200-sMatchV200R006C10
OR
huaweiar200-sMatchV200R007C00
OR
huaweiar200-sMatchV200R008C20
OR
huaweiar200-sMatchV200R008C30
OR
huaweiar2200MatchV200R006C10
OR
huaweiar2200MatchV200R006C13
OR
huaweiar2200MatchV200R006C16
OR
huaweiar2200MatchV200R007C00
OR
huaweiar2200MatchV200R007C01
OR
huaweiar2200MatchV200R007C02
OR
huaweiar2200MatchV200R008C20
OR
huaweiar2200MatchV200R008C30
OR
huaweiar2200-sMatchV200R006C10
OR
huaweiar2200-sMatchV200R007C00
OR
huaweiar2200-sMatchV200R008C20
OR
huaweiar2200-sMatchV200R008C30
OR
huaweiar3200MatchV200R006C10
OR
huaweiar3200MatchV200R006C11
OR
huaweiar3200MatchV200R007C00
OR
huaweiar3200MatchV200R007C01
OR
huaweiar3200MatchV200R007C02
OR
huaweiar3200MatchV200R008C00
OR
huaweiar3200MatchV200R008C10
OR
huaweiar3200MatchV200R008C20
OR
huaweiar3200MatchV200R008C30
OR
huaweiar3600MatchV200R006C10
OR
huaweiar3600MatchV200R007C00
OR
huaweiar3600MatchV200R007C01
OR
huaweiar3600MatchV200R008C20
OR
huaweiar510MatchV200R006C10
OR
huaweiar510MatchV200R006C12
OR
huaweiar510MatchV200R006C13
OR
huaweiar510MatchV200R006C15
OR
huaweiar510MatchV200R006C16
OR
huaweiar510MatchV200R006C17
OR
huaweiar510MatchV200R007C00
OR
huaweiar510MatchV200R008C20
OR
huaweiar510MatchV200R008C30
OR
huaweidp300MatchV500R002C00
OR
huaweimax_presenceMatchV100R001C00
OR
huaweinetengine16exMatchV200R006C10
OR
huaweinetengine16exMatchV200R007C00
OR
huaweinetengine16exMatchV200R008C20
OR
huaweinetengine16exMatchV200R008C30
OR
huaweirp200MatchV500R002C00
OR
huaweirp200MatchV600R006C00
OR
huaweisrg1300MatchV200R006C10
OR
huaweisrg1300MatchV200R007C00
OR
huaweisrg1300MatchV200R007C02
OR
huaweisrg1300MatchV200R008C20
OR
huaweisrg1300MatchV200R008C30
OR
huaweisrg2300MatchV200R006C10
OR
huaweisrg2300MatchV200R007C00
OR
huaweisrg2300MatchV200R007C02
OR
huaweisrg2300MatchV200R008C20
OR
huaweisrg2300MatchV200R008C30
OR
huaweisrg3300MatchV200R006C10
OR
huaweisrg3300MatchV200R007C00
OR
huaweisrg3300MatchV200R008C20
OR
huaweisrg3300MatchV200R008C30
OR
huaweite30MatchV100R001C02
OR
huaweite30MatchV100R001C10
OR
huaweite30MatchV500R002C00
OR
huaweite30MatchV600R006C00
OR
huaweite40MatchV500R002C00
OR
huaweite40MatchV600R006C00
OR
huaweite50MatchV500R002C00
OR
huaweite50MatchV600R006C00
OR
huaweite60MatchV100R001C01
OR
huaweite60MatchV100R001C10
OR
huaweite60MatchV500R002C00
OR
huaweite60MatchV600R006C00
OR
huaweitp3106MatchV100R002C00
OR
huaweitp3206MatchV100R002C00
OR
huaweitp3206MatchV100R002C10

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

5.1%

Related for HUAWEI-SA-20171213-06-XML