Lucene search

[email protected]NVD:CVE-2017-17287

HistoryFeb 15, 2018 - 4:29 p.m.

CVE-2017-17287

2018-02-1516:29:02

CWE-119

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.3%

JSON

Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R005C32, V200R007C00, V200R008C20, V200R008C30, AR160 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR2200 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, NetEngine16EX V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, SRG1300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an out-of-bound read vulnerability in some Huawei products. Due to insufficient input validation, a remote, unauthenticated attacker may send crafted signature to the affected products. Successful exploit may cause buffer overflow, services abnormal.

Affected configurations

NVD

Node

huaweiar120-s_firmwareMatchv200r005c32

huaweiar120-s_firmwareMatchv200r006c10

huaweiar120-s_firmwareMatchv200r007c00

huaweiar120-s_firmwareMatchv200r008c20

huaweiar120-s_firmwareMatchv200r008c30

AND

huaweiar120-sMatch-

Node

huaweiar1200_firmwareMatchv200r005c32

huaweiar1200_firmwareMatchv200r006c10

huaweiar1200_firmwareMatchv200r007c00

huaweiar1200_firmwareMatchv200r007c01

huaweiar1200_firmwareMatchv200r007c02

huaweiar1200_firmwareMatchv200r008c20

huaweiar1200_firmwareMatchv200r008c30

AND

huaweiar1200Match-

Node

huaweiar1200-s_firmwareMatchv200r005c32

huaweiar1200-s_firmwareMatchv200r006c10

huaweiar1200-s_firmwareMatchv200r007c00

huaweiar1200-s_firmwareMatchv200r008c20

huaweiar1200-s_firmwareMatchv200r008c30

AND

huaweiar1200-sMatch-

Node

huaweiar150_firmwareMatchv200r005c32

huaweiar150_firmwareMatchv200r006c10

huaweiar150_firmwareMatchv200r007c00

huaweiar150_firmwareMatchv200r007c01

huaweiar150_firmwareMatchv200r007c02

huaweiar150_firmwareMatchv200r008c20

huaweiar150_firmwareMatchv200r008c30

AND

huaweiar150Match-

Node

huaweiar150-s_firmwareMatchv200r005c32

huaweiar150-s_firmwareMatchv200r007c00

huaweiar150-s_firmwareMatchv200r008c20

huaweiar150-s_firmwareMatchv200r008c30

AND

huaweiar150-sMatch-

Node

huaweiar160_firmwareMatchv200r005c32

huaweiar160_firmwareMatchv200r006c10

huaweiar160_firmwareMatchv200r007c00

huaweiar160_firmwareMatchv200r007c01

huaweiar160_firmwareMatchv200r007c02

huaweiar160_firmwareMatchv200r008c20

huaweiar160_firmwareMatchv200r008c30

AND

huaweiar160Match-

Node

huaweiar200_firmwareMatchv200r005c32

huaweiar200_firmwareMatchv200r006c10

huaweiar200_firmwareMatchv200r007c00

huaweiar200_firmwareMatchv200r007c01

huaweiar200_firmwareMatchv200r008c20

huaweiar200_firmwareMatchv200r008c30

AND

huaweiar200Match-

Node

huaweiar200-s_firmwareMatchv200r005c32

huaweiar200-s_firmwareMatchv200r006c10

huaweiar200-s_firmwareMatchv200r007c00

huaweiar200-s_firmwareMatchv200r008c20

huaweiar200-s_firmwareMatchv200r008c30

AND

huaweiar200-sMatch-

Node

huaweiar2200_firmwareMatchv200r006c10

huaweiar2200_firmwareMatchv200r007c00

huaweiar2200_firmwareMatchv200r007c01

huaweiar2200_firmwareMatchv200r007c02

huaweiar2200_firmwareMatchv200r008c20

huaweiar2200_firmwareMatchv200r008c30

AND

huaweiar2200Match-

Node

huaweiar2200-s_firmwareMatchv200r005c32

huaweiar2200-s_firmwareMatchv200r006c10

huaweiar2200-s_firmwareMatchv200r007c00

huaweiar2200-s_firmwareMatchv200r008c20

huaweiar2200-s_firmwareMatchv200r008c30

AND

huaweiar2200-sMatch-

Node

huaweiar3200_firmwareMatchv200r005c32

huaweiar3200_firmwareMatchv200r006c10

huaweiar3200_firmwareMatchv200r006c11

huaweiar3200_firmwareMatchv200r007c00

huaweiar3200_firmwareMatchv200r007c01

huaweiar3200_firmwareMatchv200r007c02

huaweiar3200_firmwareMatchv200r008c00

huaweiar3200_firmwareMatchv200r008c10

huaweiar3200_firmwareMatchv200r008c20

huaweiar3200_firmwareMatchv200r008c30

AND

huaweiar3200Match-

Node

huaweiar3600_firmwareMatchv200r006c10

huaweiar3600_firmwareMatchv200r007c00

huaweiar3600_firmwareMatchv200r007c01

huaweiar3600_firmwareMatchv200r008c20

AND

huaweiar3600Match-

Node

huaweiar510_firmwareMatchv200r005c32

huaweiar510_firmwareMatchv200r006c10

huaweiar510_firmwareMatchv200r007c00

huaweiar510_firmwareMatchv200r008c20

huaweiar510_firmwareMatchv200r008c30

AND

huaweiar510Match-

Node

huaweinetengine16ex_firmwareMatchv200r005c32

huaweinetengine16ex_firmwareMatchv200r006c10

huaweinetengine16ex_firmwareMatchv200r007c00

huaweinetengine16ex_firmwareMatchv200r008c20

huaweinetengine16ex_firmwareMatchv200r008c30

AND

huaweinetengine16exMatch-

Node

huaweisrg1300_firmwareMatchv200r005c32

huaweisrg1300_firmwareMatchv200r006c10

huaweisrg1300_firmwareMatchv200r007c00

huaweisrg1300_firmwareMatchv200r007c02

huaweisrg1300_firmwareMatchv200r008c20

huaweisrg1300_firmwareMatchv200r008c30

AND

huaweisrg1300Match-

Node

huaweisrg2300_firmwareMatchv200r005c32

huaweisrg2300_firmwareMatchv200r006c10

huaweisrg2300_firmwareMatchv200r007c00

huaweisrg2300_firmwareMatchv200r007c02

huaweisrg2300_firmwareMatchv200r008c20

huaweisrg2300_firmwareMatchv200r008c30

AND

huaweisrg2300Match-

Node

huaweisrg3300_firmwareMatchv200r005c32

huaweisrg3300_firmwareMatchv200r006c10

huaweisrg3300_firmwareMatchv200r007c00

huaweisrg3300_firmwareMatchv200r008c20

huaweisrg3300_firmwareMatchv200r008c30

AND

huaweisrg3300Match-

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-encryption-en

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.3%

JSON

Related for NVD:CVE-2017-17287

prion1 cvelist1 cve1 openvas1 huawei1