Lucene search

[email protected]NVD:CVE-2017-17131

HistoryMar 05, 2018 - 7:29 p.m.

CVE-2017-17131

2018-03-0519:29:00

CWE-835

[email protected]

web.nvd.nist.gov

CVSS2

6.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:N/I:N/A:C

CVSS3

5.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

46.2%

JSON

Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V600R006C00; TE50 V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00; VP9660 V500R002C10 have an DoS vulnerability due to insufficient validation of the parameter when a putty comment key is loaded. An authenticated remote attacker can place a malformed putty key file in system when a system manager load the key an infinite loop happens which lead to reboot the system.

Affected configurations

Nvd

Node

huaweidp300_firmwareMatchv500r002c00

AND

huaweidp300Match-

Node

huaweirp200_firmwareMatchv500r002c00

huaweirp200_firmwareMatchv600r006c00

AND

huaweirp200Match-

Node

huaweite30_firmwareMatchv100r001c10

huaweite30_firmwareMatchv600r006c00

AND

huaweite30Match-

Node

huaweite50_firmwareMatchv600r006c00

AND

huaweite50Match-

Node

huaweite60_firmwareMatchv100r001c10

huaweite60_firmwareMatchv500r002c00

huaweite60_firmwareMatchv600r006c00

AND

huaweite60Match-

Node

huaweivp9660_firmwareMatchv500r002c10

AND

huaweivp9660Match-

VendorProductVersionCPE
huaweidp300_firmwarev500r002c00cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*
huaweidp300-cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*
huaweirp200_firmwarev500r002c00cpe:2.3:o:huawei:rp200_firmware:v500r002c00:*:*:*:*:*:*:*
huaweirp200_firmwarev600r006c00cpe:2.3:o:huawei:rp200_firmware:v600r006c00:*:*:*:*:*:*:*
huaweirp200-cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:*
huaweite30_firmwarev100r001c10cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:*
huaweite30_firmwarev600r006c00cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:*
huaweite30-cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*
huaweite50_firmwarev600r006c00cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:*
huaweite50-cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	dp300_firmware	v500r002c00	cpe:2.3:o:huawei:dp300_firmware:v500r002c00:::::::*
huawei	dp300	-	cpe:2.3:h:huawei:dp300:-:::::::*
huawei	rp200_firmware	v500r002c00	cpe:2.3:o:huawei:rp200_firmware:v500r002c00:::::::*
huawei	rp200_firmware	v600r006c00	cpe:2.3:o:huawei:rp200_firmware:v600r006c00:::::::*
huawei	rp200	-	cpe:2.3:h:huawei:rp200:-:::::::*
huawei	te30_firmware	v100r001c10	cpe:2.3:o:huawei:te30_firmware:v100r001c10:::::::*
huawei	te30_firmware	v600r006c00	cpe:2.3:o:huawei:te30_firmware:v600r006c00:::::::*
huawei	te30	-	cpe:2.3:h:huawei:te30:-:::::::*
huawei	te50_firmware	v600r006c00	cpe:2.3:o:huawei:te50_firmware:v600r006c00:::::::*
huawei	te50	-	cpe:2.3:h:huawei:te50:-:::::::*

Rows per page:

1-10 of 161

References

www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-01-vpp-en

CVSS2

6.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:N/I:N/A:C

CVSS3

5.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

46.2%

JSON

Related for NVD:CVE-2017-17131

prion1 cvelist1 huawei1 cve1