CVE-2017-15353

Huawei DP300, V500R002C00, RP200, V500R002C00, V600R006C00, RSE6500, V500R002C00, TE30, V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C00, TE60, V100R001C01, V100R001C10, V500R002C00, V600R006C00, TX50, V500R002C00, V600R006C00, VP9660, V500R002C00, V500R002C10, ViewPoint 8660, V100R008C03, ViewPoint 9030, V100R011C02, V100R011C03, Viewpoint 8660, V100R008C03 have an out-of-bounds read vulnerability. An attacker has to control the peer device and send specially crafted messages to the affected products. Due to insufficient input validation, successful exploit may cause some service abnormal.

CVSS v3 3.7 LOW
CVSS v2.0 4.3 MEDIUM

3.7^/10

CVSS v3 : LOW

V3 Legend

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-h323-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:huawei:rp200_firmware:v500r002c00:::::::*
	cpe:2.3:o:huawei:rp200_firmware:v600r006c00:::::::*

cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:huawei:rse6500_firmware:v500r002c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:rse6500:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:huawei:te30_firmware:v100r001c02:::::::*
	cpe:2.3:o:huawei:te30_firmware:v100r001c10:::::::*
	cpe:2.3:o:huawei:te30_firmware:v500r002c00:::::::*
	cpe:2.3:o:huawei:te30_firmware:v600r006c00:::::::*

cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:huawei:te40_firmware:v500r002c00:::::::*
	cpe:2.3:o:huawei:te40_firmware:v600r006c00:::::::*

cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:huawei:te50_firmware:v500r002c00:::::::*
	cpe:2.3:o:huawei:te50_firmware:v600r006c00:::::::*

cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

OR	cpe:2.3:o:huawei:te60_firmware:v100r001c01:::::::*
	cpe:2.3:o:huawei:te60_firmware:v100r001c10:::::::*
	cpe:2.3:o:huawei:te60_firmware:v500r002c00:::::::*
	cpe:2.3:o:huawei:te60_firmware:v600r006c00:::::::*

cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

OR	cpe:2.3:o:huawei:tx50_firmware:v500r002c00:::::::*
	cpe:2.3:o:huawei:tx50_firmware:v600r006c00:::::::*

cpe:2.3:h:huawei:tx50:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:huawei:viewpoint_8660_firmware:v100r008c03:*:*:*:*:*:*:*

cpe:2.3:h:huawei:viewpoint_8660:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

OR	cpe:2.3:o:huawei:vp9660_firmware:v500r002c00:::::::*
	cpe:2.3:o:huawei:vp9660_firmware:v500r002c10:::::::*

cpe:2.3:h:huawei:vp9660:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

OR	cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c02:::::::*
	cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c03:::::::*

cpe:2.3:h:huawei:viewpoint_9030:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-02-15 16:29

Updated : 2024-02-04 19:46

NVD link : CVE-2017-15353

Mitre link : CVE-2017-15353

CVE.ORG link : CVE-2017-15353

JSON object : View

Products Affected

huawei

viewpoint_8660
te60_firmware
rse6500
tx50_firmware
dp300_firmware
te40_firmware
viewpoint_9030_firmware
rp200_firmware
te40
dp300
rse6500_firmware
te60
rp200
te50_firmware
vp9660
viewpoint_9030
te30
viewpoint_8660_firmware
vp9660_firmware
te30_firmware
te50
tx50

CWE

CWE-125

Out-of-bounds Read

3.7 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2017-15353

3.7^/10

4.3^/10

Attach tags to `CVE-2017-15353`