Lucene search
Huawei TechnologiesHUAWEI-SA-20171215-01-OVERFLOWHistoryDec 15, 2017 - 12:00 a.m.
Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products
2017-12-1500:00:00
Huawei Technologies
www.huawei.com
16
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS
0.001
Percentile
50.4%
There is buffer overflow vulnerability in some Huawei products. An unauthenticated, remote attacker may send specially crafted certificates to the affected products. Due to insufficient validation of the certificates, successful exploit may cause buffer overflow and some service abnormal. (Vulnerability ID: HWPSIRT-2017-07013)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-17298.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-overflow-en
Affected configurations
Node
huaweiar120-s_firmwareMatchv200r006c10
ORhuaweiar120-s_firmwareMatchv200r007c00
ORhuaweiar120-s_firmwareMatchv200r008c20
ORhuaweiar120-s_firmwareMatchv200r008c30
ORhuaweiar1200_firmwareMatchv200r006c10
ORhuaweiar1200_firmwareMatchv200r006c13
ORhuaweiar1200_firmwareMatchv200r007c00
ORhuaweiar1200_firmwareMatchv200r007c01
ORhuaweiar1200_firmwareMatchv200r007c02
ORhuaweiar1200_firmwareMatchv200r008c20
ORhuaweiar1200_firmwareMatchv200r008c30
ORhuaweiar1200-s_firmwareMatchv200r006c10
ORhuaweiar1200-s_firmwareMatchv200r007c00
ORhuaweiar1200-s_firmwareMatchv200r008c20
ORhuaweiar1200-s_firmwareMatchv200r008c30
ORhuaweiar150_firmwareMatchv200r006c10
ORhuaweiar150_firmwareMatchv200r007c00
ORhuaweiar150_firmwareMatchv200r007c01
ORhuaweiar150_firmwareMatchv200r007c02
ORhuaweiar150_firmwareMatchv200r008c20
ORhuaweiar150_firmwareMatchv200r008c30
ORhuaweiar150-s_firmwareMatchv200r006c10
ORhuaweiar150-s_firmwareMatchv200r007c00
ORhuaweiar150-s_firmwareMatchv200r008c20
ORhuaweiar150-s_firmwareMatchv200r008c30
ORhuaweiar160_firmwareMatchv200r006c10
ORhuaweiar160_firmwareMatchv200r006c12
ORhuaweiar160_firmwareMatchv200r007c00
ORhuaweiar160_firmwareMatchv200r007c01
ORhuaweiar160_firmwareMatchv200r007c02
ORhuaweiar160_firmwareMatchv200r008c20
ORhuaweiar160_firmwareMatchv200r008c30
ORhuaweiar200_firmwareMatchv200r006c10
ORhuaweiar200_firmwareMatchv200r007c00
ORhuaweiar200_firmwareMatchv200r007c01
ORhuaweiar200_firmwareMatchv200r008c20
ORhuaweiar200_firmwareMatchv200r008c30
ORhuaweiar200-s_firmwareMatchv200r006c10
ORhuaweiar200-s_firmwareMatchv200r007c00
ORhuaweiar200-s_firmwareMatchv200r008c20
ORhuaweiar200-s_firmwareMatchv200r008c30
ORhuaweiar2200_firmwareMatchv200r006c10
ORhuaweiar2200_firmwareMatchv200r006c13
ORhuaweiar2200_firmwareMatchv200r006c16
ORhuaweiar2200_firmwareMatchv200r007c00
ORhuaweiar2200_firmwareMatchv200r007c01
ORhuaweiar2200_firmwareMatchv200r007c02
ORhuaweiar2200_firmwareMatchv200r008c20
ORhuaweiar2200_firmwareMatchv200r008c30
ORhuaweiar2200-s_firmwareMatchv200r006c10
ORhuaweiar2200-s_firmwareMatchv200r007c00
ORhuaweiar2200-s_firmwareMatchv200r008c20
ORhuaweiar2200-s_firmwareMatchv200r008c30
ORhuaweiar3200_firmwareMatchv200r006c10
ORhuaweiar3200_firmwareMatchv200r006c11
ORhuaweiar3200_firmwareMatchv200r007c00
ORhuaweiar3200_firmwareMatchv200r007c01
ORhuaweiar3200_firmwareMatchv200r007c02
ORhuaweiar3200_firmwareMatchv200r008c00
ORhuaweiar3200_firmwareMatchv200r008c10
ORhuaweiar3200_firmwareMatchv200r008c20
ORhuaweiar3200_firmwareMatchv200r008c30
ORhuaweiar3600_firmwareMatchv200r006c10
ORhuaweiar3600_firmwareMatchv200r007c00
ORhuaweiar3600_firmwareMatchv200r007c01
ORhuaweiar3600_firmwareMatchv200r008c20
ORhuaweiar510_firmwareMatchv200r006c10
ORhuaweiar510_firmwareMatchv200r006c12
ORhuaweiar510_firmwareMatchv200r006c13
ORhuaweiar510_firmwareMatchv200r006c15
ORhuaweiar510_firmwareMatchv200r006c16
ORhuaweiar510_firmwareMatchv200r006c17
ORhuaweiar510_firmwareMatchv200r007c00
ORhuaweiar510_firmwareMatchv200r008c20
ORhuaweiar510_firmwareMatchv200r008c30
ORhuaweidbs3900_tdd_lte_firmwareMatchv100r003c00
ORhuaweidbs3900_tdd_lte_firmwareMatchv100r004c10
ORhuaweidp300_firmwareMatchv500r002c00
ORhuaweinetengine16ex_firmwareMatchv200r006c10
ORhuaweinetengine16ex_firmwareMatchv200r007c00
ORhuaweinetengine16ex_firmwareMatchv200r008c20
ORhuaweinetengine16ex_firmwareMatchv200r008c30
ORhuaweirp200_firmwareMatchv500r002c00
ORhuaweirp200_firmwareMatchv600r006c00
ORhuaweisrg1300_firmwareMatchv200r006c10
ORhuaweisrg1300_firmwareMatchv200r007c00
ORhuaweisrg1300_firmwareMatchv200r007c02
ORhuaweisrg1300_firmwareMatchv200r008c20
ORhuaweisrg1300_firmwareMatchv200r008c30
ORhuaweisrg2300_firmwareMatchv200r006c10
ORhuaweisrg2300_firmwareMatchv200r007c00
ORhuaweisrg2300_firmwareMatchv200r007c02
ORhuaweisrg2300_firmwareMatchv200r008c20
ORhuaweisrg2300_firmwareMatchv200r008c30
ORhuaweisrg3300_firmwareMatchv200r006c10
ORhuaweisrg3300_firmwareMatchv200r007c00
ORhuaweisrg3300_firmwareMatchv200r008c20
ORhuaweisrg3300_firmwareMatchv200r008c30
ORhuaweite30_firmwareMatchv100r001c02
ORhuaweite30_firmwareMatchv100r001c10
ORhuaweite30_firmwareMatchv500r002c00
ORhuaweite30_firmwareMatchv600r006c00
ORhuaweite40_firmwareMatchv500r002c00
ORhuaweite40_firmwareMatchv600r006c00
ORhuaweite50_firmwareMatchv500r002c00
ORhuaweite50_firmwareMatchv600r006c00
ORhuaweite60_firmwareMatchv100r001c01
ORhuaweite60_firmwareMatchv100r001c10
ORhuaweite60_firmwareMatchv500r002c00
ORhuaweite60_firmwareMatchv600r006c00
ORhuaweitp3106_firmwareMatchv100r002c00
ORhuaweitp3206_firmwareMatchv100r002c00
ORhuaweitp3206_firmwareMatchv100r002c10
ORhuaweiviewpoint_9030_firmwareMatchv100r011c02
ORhuaweiviewpoint_9030_firmwareMatchv100r011c03
| Vendor | Product | Version | CPE |
|---|---|---|---|
| huawei | ar120-s_firmware | v200r006c10 | cpe:2.3:o:huawei:ar120-s_firmware:v200r006c10:*:*:*:*:*:*:* |
| huawei | ar120-s_firmware | v200r007c00 | cpe:2.3:o:huawei:ar120-s_firmware:v200r007c00:*:*:*:*:*:*:* |
| huawei | ar120-s_firmware | v200r008c20 | cpe:2.3:o:huawei:ar120-s_firmware:v200r008c20:*:*:*:*:*:*:* |
| huawei | ar120-s_firmware | v200r008c30 | cpe:2.3:o:huawei:ar120-s_firmware:v200r008c30:*:*:*:*:*:*:* |
| huawei | ar1200_firmware | v200r006c10 | cpe:2.3:o:huawei:ar1200_firmware:v200r006c10:*:*:*:*:*:*:* |
| huawei | ar1200_firmware | v200r006c13 | cpe:2.3:o:huawei:ar1200_firmware:v200r006c13:*:*:*:*:*:*:* |
| huawei | ar1200_firmware | v200r007c00 | cpe:2.3:o:huawei:ar1200_firmware:v200r007c00:*:*:*:*:*:*:* |
| huawei | ar1200_firmware | v200r007c01 | cpe:2.3:o:huawei:ar1200_firmware:v200r007c01:*:*:*:*:*:*:* |
| huawei | ar1200_firmware | v200r007c02 | cpe:2.3:o:huawei:ar1200_firmware:v200r007c02:*:*:*:*:*:*:* |
| huawei | ar1200_firmware | v200r008c20 | cpe:2.3:o:huawei:ar1200_firmware:v200r008c20:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2017-17298
2018-02-15 16:00:00
nvd
nvd
CVE-2017-17298
2018-02-15 16:29:03
cve
cve
CVE-2017-17298
2018-02-15 16:29:03
openvas
openvas
prion
prion
Buffer overflow
2018-02-15 16:29:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS
0.001
Percentile
50.4%
Related for HUAWEI-SA-20171215-01-OVERFLOW