Lucene search

[email protected]NVD:CVE-2017-17143

HistoryMar 05, 2018 - 7:29 p.m.

CVE-2017-17143

2018-03-0519:29:00

CWE-119

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

39.9%

JSON

SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; RP200 V500R002C00SPC200; V600R006C00; V600R006C00SPC200; RSE6500 V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC300T; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00T; TE30 V100R001C10; V100R001C10SPC100; V100R001C10SPC200B010; V100R001C10SPC300; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700B010; V100R001C10SPC800; V500R002C00SPC200; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; TE40 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE50 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE60 V100R001C01SPC100; V100R001C01SPC107TB010; V100R001C10; V100R001C10SPC300; V100R001C10SPC400; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700; V100R001C10SPC800; V100R001C10SPC900; V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; V500R002C00SPCb00; V500R002C00SPCd00; V600R006C00; V600R006C00SPC100; V600R006C00SPC200; V600R006C00SPC300; TP3106 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C00SPC800; TP3206 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C10; ViewPoint 9030 V100R011C02SPC100; V100R011C03B012SP15; V100R011C03B012SP16; V100R011C03B015SP03; V100R011C03LGWL01SPC100; V100R011C03SPC100; V100R011C03SPC200; V100R011C03SPC300; V100R011C03SPC400; V100R011C03SPC500; eSpace U1960 V200R003C30SPC200; eSpace U1981 V100R001C20SPC700; V200R003C20SPCa00 has an overflow vulnerability that the module cannot parse a malformed SIP message when validating variables. Attacker can exploit it to make one process reboot at random.

Affected configurations

NVD

Node

huaweidp300_firmwareMatchv500r002c00

huaweidp300_firmwareMatchv500r002c00spc100

huaweidp300_firmwareMatchv500r002c00spc200

huaweidp300_firmwareMatchv500r002c00spc300

huaweidp300_firmwareMatchv500r002c00spc400

huaweidp300_firmwareMatchv500r002c00spc500

huaweidp300_firmwareMatchv500r002c00spc600

huaweidp300_firmwareMatchv500r002c00spc800

huaweidp300_firmwareMatchv500r002c00spc900

huaweidp300_firmwareMatchv500r002c00spca00

AND

huaweidp300Match-

Node

huaweirp200_firmwareMatchv500r002c00spc200

huaweirp200_firmwareMatchv600r006c00

huaweirp200_firmwareMatchv600r006c00spc200

AND

huaweirp200Match-

Node

huaweirse6500_firmwareMatchv500r002c00spc100

huaweirse6500_firmwareMatchv500r002c00spc200

huaweirse6500_firmwareMatchv500r002c00spc300

huaweirse6500_firmwareMatchv500r002c00spc300t

huaweirse6500_firmwareMatchv500r002c00spc500

huaweirse6500_firmwareMatchv500r002c00spc600

huaweirse6500_firmwareMatchv500r002c00spc700

huaweirse6500_firmwareMatchv500r002c00t

AND

huaweirse6500Match-

Node

huaweite30_firmwareMatchv100r001c10

huaweite30_firmwareMatchv100r001c10spc100

huaweite30_firmwareMatchv100r001c10spc200b010

huaweite30_firmwareMatchv100r001c10spc300

huaweite30_firmwareMatchv100r001c10spc500

huaweite30_firmwareMatchv100r001c10spc600

huaweite30_firmwareMatchv100r001c10spc700b010

huaweite30_firmwareMatchv100r001c10spc800

huaweite30_firmwareMatchv500r002c00spc200

huaweite30_firmwareMatchv500r002c00spc500

huaweite30_firmwareMatchv500r002c00spc600

huaweite30_firmwareMatchv500r002c00spc700

huaweite30_firmwareMatchv500r002c00spc900

huaweite30_firmwareMatchv500r002c00spcb00

huaweite30_firmwareMatchv600r006c00

AND

huaweite30Match-

Node

huaweite40_firmwareMatchv500r002c00spc600

huaweite40_firmwareMatchv500r002c00spc700

huaweite40_firmwareMatchv500r002c00spc900

huaweite40_firmwareMatchv500r002c00spcb00

huaweite40_firmwareMatchv600r006c00

huaweite40_firmwareMatchv600r006c00spc200

AND

huaweite40Match-

Node

huaweite50_firmwareMatchv500r002c00spc600

huaweite50_firmwareMatchv500r002c00spc700

huaweite50_firmwareMatchv500r002c00spcb00

huaweite50_firmwareMatchv600r006c00

huaweite50_firmwareMatchv600r006c00spc200

AND

huaweite50Match-

Node

huaweite60_firmwareMatchv100r001c01spc100

huaweite60_firmwareMatchv100r001c01spc107tb010

huaweite60_firmwareMatchv100r001c10

huaweite60_firmwareMatchv100r001c10spc300

huaweite60_firmwareMatchv100r001c10spc400

huaweite60_firmwareMatchv100r001c10spc500

huaweite60_firmwareMatchv100r001c10spc600

huaweite60_firmwareMatchv100r001c10spc700

huaweite60_firmwareMatchv100r001c10spc800

huaweite60_firmwareMatchv100r001c10spc900

huaweite60_firmwareMatchv500r002c00

huaweite60_firmwareMatchv500r002c00spc100

huaweite60_firmwareMatchv500r002c00spc200

huaweite60_firmwareMatchv500r002c00spc300

huaweite60_firmwareMatchv500r002c00spc600

huaweite60_firmwareMatchv500r002c00spc700

huaweite60_firmwareMatchv500r002c00spc800

huaweite60_firmwareMatchv500r002c00spc900

huaweite60_firmwareMatchv500r002c00spca00

huaweite60_firmwareMatchv500r002c00spcb00

huaweite60_firmwareMatchv500r002c00spcd00

huaweite60_firmwareMatchv600r006c00

huaweite60_firmwareMatchv600r006c00spc100

huaweite60_firmwareMatchv600r006c00spc200

huaweite60_firmwareMatchv600r006c00spc300

AND

huaweite60Match-

Node

huaweitp3106_firmwareMatchv100r002c00

huaweitp3106_firmwareMatchv100r002c00spc200

huaweitp3106_firmwareMatchv100r002c00spc400

huaweitp3106_firmwareMatchv100r002c00spc600

huaweitp3106_firmwareMatchv100r002c00spc700

huaweitp3106_firmwareMatchv100r002c00spc800

AND

huaweitp3106Match-

Node

huaweitp3206_firmwareMatchv100r002c00

huaweitp3206_firmwareMatchv100r002c00spc200

huaweitp3206_firmwareMatchv100r002c00spc400

huaweitp3206_firmwareMatchv100r002c00spc600

huaweitp3206_firmwareMatchv100r002c00spc700

huaweitp3206_firmwareMatchv100r002c10

AND

huaweitp3206Match-

Node

huaweiviewpoint_9030_firmwareMatchv100r011c02spc100

huaweiviewpoint_9030_firmwareMatchv100r011c03b012sp15

huaweiviewpoint_9030_firmwareMatchv100r011c03b012sp16

huaweiviewpoint_9030_firmwareMatchv100r011c03b015sp03

huaweiviewpoint_9030_firmwareMatchv100r011c03lgwl01spc100

huaweiviewpoint_9030_firmwareMatchv100r011c03spc100

huaweiviewpoint_9030_firmwareMatchv100r011c03spc200

huaweiviewpoint_9030_firmwareMatchv100r011c03spc300

huaweiviewpoint_9030_firmwareMatchv100r011c03spc400

huaweiviewpoint_9030_firmwareMatchv100r011c03spc500

AND

huaweiviewpoint_9030Match-

Node

huaweiespace_u1960_firmwareMatchv200r003c30spc200

AND

huaweiespace_u1960Match-

Node

huaweiespace_u1981_firmwareMatchv100r001c20spc700

huaweiespace_u1981_firmwareMatchv200r003c20spca00

AND

huaweiespace_u1981Match-

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-sip-en

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

39.9%

JSON

Related for NVD:CVE-2017-17143

cve1 prion1 cvelist1 huawei1