Lucene search

Huawei TechnologiesHUAWEI-SA-20180207-01-ENCRYPTION

HistoryFeb 07, 2018 - 12:00 a.m.

Security Advisory - Two Buffer Overflow Vulnerabilities in Some Huawei Products

2018-02-0700:00:00

Huawei Technologies

www.huawei.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.2%

JSON

There is an out-of-bound write vulnerability in some Huawei products. Due to insufficient input validation, a remote, unauthenticated attacker may craft encryption key to the affected products. Successful exploit may cause buffer overflow, services abnormal. (Vulnerability ID: HWPSIRT-2017-11058)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-17286.

There is an out-of-bound read vulnerability in some Huawei products. Due to insufficient input validation, a remote, unauthenticated attacker may send crafted signature to the affected products. Successful exploit may cause buffer overflow, services abnormal. (Vulnerability ID: HWPSIRT-2017-11059)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-17287.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-encryption-en

Affected configurations

Vulners

Node

huaweiar120-sMatchV200R005C32

huaweiar120-sMatchV200R006C10

huaweiar120-sMatchV200R007C00

huaweiar120-sMatchV200R008C20

huaweiar120-sMatchV200R008C30

huaweiar1200MatchV200R005C32

huaweiar1200MatchV200R006C10

huaweiar1200MatchV200R007C00

huaweiar1200MatchV200R007C01

huaweiar1200MatchV200R007C02

huaweiar1200MatchV200R008C20

huaweiar1200MatchV200R008C30

huaweiar1200-sMatchV200R005C32

huaweiar1200-sMatchV200R006C10

huaweiar1200-sMatchV200R007C00

huaweiar1200-sMatchV200R008C20

huaweiar1200-sMatchV200R008C30

huaweiar150MatchV200R005C32

huaweiar150MatchV200R006C10

huaweiar150MatchV200R007C00

huaweiar150MatchV200R007C01

huaweiar150MatchV200R007C02

huaweiar150MatchV200R008C20

huaweiar150MatchV200R008C30

huaweiar150-sMatchV200R005C32

huaweiar150-sMatchV200R007C00

huaweiar150-sMatchV200R008C20

huaweiar150-sMatchV200R008C30

huaweiar160MatchV200R005C32

huaweiar160MatchV200R006C10

huaweiar160MatchV200R007C00

huaweiar160MatchV200R007C01

huaweiar160MatchV200R007C02

huaweiar160MatchV200R008C20

huaweiar160MatchV200R008C30

huaweiar200MatchV200R005C32

huaweiar200MatchV200R006C10

huaweiar200MatchV200R007C00

huaweiar200MatchV200R007C01

huaweiar200MatchV200R008C20

huaweiar200MatchV200R008C30

huaweiar200-sMatchV200R005C32

huaweiar200-sMatchV200R006C10

huaweiar200-sMatchV200R007C00

huaweiar200-sMatchV200R008C20

huaweiar200-sMatchV200R008C30

huaweiar2200MatchV200R006C10

huaweiar2200MatchV200R007C00

huaweiar2200MatchV200R007C01

huaweiar2200MatchV200R007C02

huaweiar2200MatchV200R008C20

huaweiar2200MatchV200R008C30

huaweiar2200-sMatchV200R005C32

huaweiar2200-sMatchV200R006C10

huaweiar2200-sMatchV200R007C00

huaweiar2200-sMatchV200R008C20

huaweiar2200-sMatchV200R008C30

huaweiar3200MatchV200R005C32

huaweiar3200MatchV200R006C10

huaweiar3200MatchV200R006C11

huaweiar3200MatchV200R007C00

huaweiar3200MatchV200R007C01

huaweiar3200MatchV200R007C02

huaweiar3200MatchV200R008C00

huaweiar3200MatchV200R008C10

huaweiar3200MatchV200R008C20

huaweiar3200MatchV200R008C30

huaweiar3600MatchV200R006C10

huaweiar3600MatchV200R007C00

huaweiar3600MatchV200R007C01

huaweiar3600MatchV200R008C20

huaweiar510MatchV200R005C32

huaweiar510MatchV200R006C10

huaweiar510MatchV200R007C00

huaweiar510MatchV200R008C20

huaweiar510MatchV200R008C30

huaweinetengine16exMatchV200R005C32

huaweinetengine16exMatchV200R006C10

huaweinetengine16exMatchV200R007C00

huaweinetengine16exMatchV200R008C20

huaweinetengine16exMatchV200R008C30

huaweisrg1300MatchV200R005C32

huaweisrg1300MatchV200R006C10

huaweisrg1300MatchV200R007C00

huaweisrg1300MatchV200R007C02

huaweisrg1300MatchV200R008C20

huaweisrg1300MatchV200R008C30

huaweisrg2300MatchV200R005C32

huaweisrg2300MatchV200R006C10

huaweisrg2300MatchV200R007C00

huaweisrg2300MatchV200R007C02

huaweisrg2300MatchV200R008C20

huaweisrg2300MatchV200R008C30

huaweisrg3300MatchV200R005C32

huaweisrg3300MatchV200R006C10

huaweisrg3300MatchV200R007C00

huaweisrg3300MatchV200R008C20

huaweisrg3300MatchV200R008C30

CPENameOperatorVersion
ar120-seqV200R005C32
ar120-seqV200R006C10
ar120-seqV200R007C00
ar120-seqV200R008C20
ar120-seqV200R008C30
ar1200eqV200R005C32
ar1200eqV200R006C10
ar1200eqV200R007C00
ar1200eqV200R007C01
ar1200eqV200R007C02

Name	Operator	Version
ar120-s	eq	V200R005C32
ar120-s	eq	V200R006C10
ar120-s	eq	V200R007C00
ar120-s	eq	V200R008C20
ar120-s	eq	V200R008C30
ar1200	eq	V200R005C32
ar1200	eq	V200R006C10
ar1200	eq	V200R007C00
ar1200	eq	V200R007C01
ar1200	eq	V200R007C02

Rows per page:

1-10 of 981

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.2%

JSON

Related for HUAWEI-SA-20180207-01-ENCRYPTION