Lucene search

Huawei TechnologiesHUAWEI-SA-20171220-02-CIDAM

HistoryDec 20, 2017 - 12:00 a.m.

Security Advisory - Multiple Input Validation Vulnerabilities in CIDAM Protocol on Huawei Products

2017-12-2000:00:00

Huawei Technologies

www.huawei.com

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

0.002 Low

EPSS

Percentile

54.0%

JSON

The CIDAM Protocol on Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. (Vulnerability ID: HWPSIRT-2017-08147, HWPSIRT-2017-08148, HWPSIRT-2017-08149 and HWPSIRT-2017-08150)

The four vulnerabilities have been assigned four Common Vulnerabilities and Exposures (CVE) IDs: CVE-2017-17168, CVE-2017-17169, CVE-2017-17170 and CVE-2017-17304.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en

Affected configurations

Vulners

Node

huaweidp300Matchv500r002c00

huaweidp300Matchv500r002c00b010

huaweidp300Matchv500r002c00b011

huaweidp300Matchv500r002c00b012

huaweidp300Matchv500r002c00b013

huaweidp300Matchv500r002c00b014

huaweidp300Matchv500r002c00b017

huaweidp300Matchv500r002c00b018

huaweidp300Matchv500r002c00spc100

huaweidp300Matchv500r002c00spc200

huaweidp300Matchv500r002c00spc300

huaweidp300Matchv500r002c00spc400

huaweidp300Matchv500r002c00spc500

huaweidp300Matchv500r002c00spc600

huaweidp300Matchv500r002c00spc800

huaweidp300Matchv500r002c00spc900

huaweidp300Matchv500r002c00spca00

huaweirp200Matchv500r002c00spc200

huaweirp200Matchv600r006c00

huaweirp200Matchv600r006c00spc200

huaweirp200Matchv600r006c00spc300

huaweirp200Matchv600r006c00spc400

huaweirp200Matchv600r006c00spc500

huaweite30Matchv100r001c10spc300

huaweite30Matchv100r001c10spc500

huaweite30Matchv100r001c10spc600

huaweite30Matchv100r001c10spc700b010

huaweite30Matchv500r002c00spc200

huaweite30Matchv500r002c00spc500

huaweite30Matchv500r002c00spc600

huaweite30Matchv500r002c00spc700

huaweite30Matchv500r002c00spc900

huaweite30Matchv500r002c00spcb00

huaweite30Matchv600r006c00

huaweite30Matchv600r006c00spc200

huaweite30Matchv600r006c00spc300

huaweite30Matchv600r006c00spc400

huaweite30Matchv600r006c00spc500

huaweite40Matchv500r002c00spc600

huaweite40Matchv500r002c00spc700

huaweite40Matchv500r002c00spc900

huaweite40Matchv500r002c00spcb00

huaweite40Matchv600r006c00

huaweite40Matchv600r006c00spc200

huaweite40Matchv600r006c00spc300

huaweite40Matchv600r006c00spc400

huaweite40Matchv600r006c00spc500

huaweite50Matchv500r002c00spc600

huaweite50Matchv500r002c00spc700

huaweite50Matchv500r002c00spcb00

huaweite50Matchv600r006c00

huaweite50Matchv600r006c00spc200

huaweite50Matchv600r006c00spc300

huaweite50Matchv600r006c00spc400

huaweite50Matchv600r006c00spc500

huaweite60Matchv100r001c10

huaweite60Matchv100r001c10b001

huaweite60Matchv100r001c10b002

huaweite60Matchv100r001c10b010

huaweite60Matchv100r001c10b011

huaweite60Matchv100r001c10b012

huaweite60Matchv100r001c10b013

huaweite60Matchv100r001c10b014

huaweite60Matchv100r001c10b016

huaweite60Matchv100r001c10b017

huaweite60Matchv100r001c10b018

huaweite60Matchv100r001c10b019

huaweite60Matchv100r001c10spc400

huaweite60Matchv100r001c10spc500

huaweite60Matchv100r001c10spc600

huaweite60Matchv100r001c10spc700

huaweite60Matchv100r001c10spc800b011

huaweite60Matchv100r001c10spc900

huaweite60Matchv500r002c00

huaweite60Matchv500r002c00b010

huaweite60Matchv500r002c00b011

huaweite60Matchv500r002c00spc100

huaweite60Matchv500r002c00spc200

huaweite60Matchv500r002c00spc300

huaweite60Matchv500r002c00spc600

huaweite60Matchv500r002c00spc700

huaweite60Matchv500r002c00spc800

huaweite60Matchv500r002c00spc900

huaweite60Matchv500r002c00spca00

huaweite60Matchv500r002c00spcb00

huaweite60Matchv500r002c00spcd00

huaweite60Matchv500r002c00spce00

huaweite60Matchv600r006c00

huaweite60Matchv600r006c00spc100

huaweite60Matchv600r006c00spc200

huaweite60Matchv600r006c00spc300

huaweite60Matchv600r006c00spc400

huaweite60Matchv600r006c00spc500

huaweiu1981Matchv200r003c20spc900

CPENameOperatorVersion
dp300eqV500R002C00
dp300eqV500R002C00B010
dp300eqV500R002C00B011
dp300eqV500R002C00B012
dp300eqV500R002C00B013
dp300eqV500R002C00B014
dp300eqV500R002C00B017
dp300eqV500R002C00B018
dp300eqV500R002C00SPC100
dp300eqV500R002C00SPC200

Name	Operator	Version
dp300	eq	V500R002C00
dp300	eq	V500R002C00B010
dp300	eq	V500R002C00B011
dp300	eq	V500R002C00B012
dp300	eq	V500R002C00B013
dp300	eq	V500R002C00B014
dp300	eq	V500R002C00B017
dp300	eq	V500R002C00B018
dp300	eq	V500R002C00SPC100
dp300	eq	V500R002C00SPC200

Rows per page:

1-10 of 941

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

0.002 Low

EPSS

Percentile

54.0%

JSON

Related for HUAWEI-SA-20171220-02-CIDAM