Lucene search

[email protected]NVD:CVE-2017-17250

HistoryMar 09, 2018 - 5:29 p.m.

CVE-2017-17250

2018-03-0917:29:01

CWE-787

[email protected]

web.nvd.nist.gov

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

61.9%

JSON

Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; AR150 V200R005C32; AR150-S V200R005C32; AR160 V200R005C32; AR200 V200R005C32; AR200-S V200R005C32; AR2200-S V200R005C32; AR3200 V200R005C32; V200R007C00; AR510 V200R005C32; NetEngine16EX V200R005C32; SRG1300 V200R005C32; SRG2300 V200R005C32; SRG3300 V200R005C32 have an out-of-bounds write vulnerability. When a user executes a query command after the device received an abnormal OSPF message, the software writes data past the end of the intended buffer due to the insufficient verification of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending abnormal OSPF messages to the device. A successful exploit could cause the system to crash.

Affected configurations

NVD

Node

huaweiar120-s_firmwareMatchv200r005c32

AND

huaweiar120-sMatch-

Node

huaweiar1200_firmwareMatchv200r005c32

AND

huaweiar1200Match-

Node

huaweiar1200-s_firmwareMatchv200r005c32

AND

huaweiar1200-sMatch-

Node

huaweiar150_firmwareMatchv200r005c32

AND

huaweiar150Match-

Node

huaweiar160_firmwareMatchv200r005c32

AND

huaweiar160Match-

Node

huaweiar200_firmwareMatchv200r005c32

AND

huaweiar200Match-

Node

huaweiar200-s_firmwareMatchv200r005c32

AND

huaweiar200-sMatch-

Node

huaweiar150-s_firmwareMatchv200r005c32

AND

huaweiar150-sMatch-

Node

huaweiar2200-s_firmwareMatchv200r005c32

AND

huaweiar2200-sMatch-

Node

huaweiar3200_firmwareMatchv200r005c32

huaweiar3200_firmwareMatchv200r007c00

AND

huaweiar3200Match-

Node

huaweiar510_firmwareMatchv200r005c32

AND

huaweiar510Match-

Node

huaweinetengine16ex_firmwareMatchv200r005c32

AND

huaweinetengine16exMatch-

Node

huaweis12700_firmwareMatchv200r007c00

huaweis12700_firmwareMatchv200r007c01

huaweis12700_firmwareMatchv200r008c00

AND

huaweis12700Match-

Node

huaweis2700_firmwareMatchv200r006c10

huaweis2700_firmwareMatchv200r007c00

huaweis2700_firmwareMatchv200r008c00

AND

huaweis2700Match-

Node

huaweis5700_firmwareMatchv200r007c00

huaweis5700_firmwareMatchv200r008c00

AND

huaweis5700Match-

Node

huaweis6700_firmwareMatchv200r008c00

AND

huaweis6700Match-

Node

huaweis7700_firmwareMatchv200r007c00

huaweis7700_firmwareMatchv200r008c00

AND

huaweis7700Match-

Node

huaweis9700_firmwareMatchv200r007c00

huaweis9700_firmwareMatchv200r007c01

huaweis9700_firmwareMatchv200r008c00

AND

huaweis9700Match-

Node

huaweisrg1300_firmwareMatchv200r005c32

AND

huaweisrg1300Match-

Node

huaweisrg2300_firmwareMatchv200r005c32

AND

huaweisrg2300Match-

Node

huaweisrg3300_firmwareMatchv200r005c32

AND

huaweisrg3300Match-

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20180214-01-ospf-en

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

61.9%

JSON

Related for NVD:CVE-2017-17250

openvas1 prion1 cvelist1 cve1 huawei1