Lucene search

[email protected]CVE-2017-17160

HistoryFeb 15, 2018 - 4:29 p.m.

CVE-2017-17160

2018-02-1516:29:02

CWE-787

[email protected]

web.nvd.nist.gov

huawei

ar120-s

ar1200

ar150

ar160

ar200

ar2200

ar3200

ar3600

ar510

netengine16ex

srg1300

srg2300

srg3300

cve-2017-17160

nvd

buffer overflow

vulnerability

range checks

input data

remote attacker

ike packets

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.6%

JSON

Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S V200R006C10, V200R007C00, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C02, AR200 V200R006C10, V200R007C00, AR200-S V200R006C10, V200R007C00, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C02, AR2200-S V200R006C10, V200R007C00, V200R008C20, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C02, AR3600 V200R006C10, V200R007C00, AR510 V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, NetEngine16EX V200R006C10, V200R007C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, SRG2300 V200R006C10, V200R007C00, V200R007C02, SRG3300 V200R006C10, V200R007C00 have a buffer overflow vulnerability due to incomplete range checks of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious IKE packets to the targeted device. An exploit could allow the attacker to cause the device to write out of bound and restart.

Affected configurations

NVD

Node

huaweiar120-s_firmwareMatchv200r006c10

huaweiar120-s_firmwareMatchv200r007c00

AND

huaweiar120-sMatch-

Node

huaweiar1200_firmwareMatchv200r006c10

huaweiar1200_firmwareMatchv200r006c13

huaweiar1200_firmwareMatchv200r007c00

huaweiar1200_firmwareMatchv200r007c02

AND

huaweiar1200Match-

Node

huaweiar1200-s_firmwareMatchv200r006c10

huaweiar1200-s_firmwareMatchv200r007c00

huaweiar1200-s_firmwareMatchv200r008c20

AND

huaweiar1200-sMatch-

Node

huaweiar150_firmwareMatchv200r006c10

huaweiar150_firmwareMatchv200r007c00

huaweiar150_firmwareMatchv200r007c02

AND

huaweiar150Match-

Node

huaweiar150-s_firmwareMatchv200r006c10

huaweiar150-s_firmwareMatchv200r007c00

AND

huaweiar150-sMatch-

Node

huaweiar160_firmwareMatchv200r006c10

huaweiar160_firmwareMatchv200r006c12

huaweiar160_firmwareMatchv200r007c00

huaweiar160_firmwareMatchv200r007c02

AND

huaweiar160Match-

Node

huaweiar200_firmwareMatchv200r006c10

huaweiar200_firmwareMatchv200r007c00

AND

huaweiar200Match-

Node

huaweiar200-s_firmwareMatchv200r006c10

huaweiar200-s_firmwareMatchv200r007c00

AND

huaweiar200-sMatch-

Node

huaweiar2200_firmwareMatchv200r006c10

huaweiar2200_firmwareMatchv200r006c13

huaweiar2200_firmwareMatchv200r006c16pwe

huaweiar2200_firmwareMatchv200r007c00

AND

huaweiar2200Match-

Node

huaweiar2200-s_firmwareMatchv200r006c10

huaweiar2200-s_firmwareMatchv200r007c00

huaweiar2200-s_firmwareMatchv200r008c20

AND

huaweiar2200-sMatch-

Node

huaweiar3200_firmwareMatchv200r006c10

huaweiar3200_firmwareMatchv200r006c11

huaweiar3200_firmwareMatchv200r007c00

huaweiar3200_firmwareMatchv200r007c02

AND

huaweiar3200Match-

Node

huaweiar3600_firmwareMatchv200r006c10

huaweiar3600_firmwareMatchv200r007c00

AND

huaweiar3600Match-

Node

huaweiar510_firmwareMatchv200r006c12

huaweiar510_firmwareMatchv200r006c13

huaweiar510_firmwareMatchv200r006c15

huaweiar510_firmwareMatchv200r006c16

huaweiar510_firmwareMatchv200r006c17

huaweiar510_firmwareMatchv200r007c00

AND

huaweiar510Match-

Node

huaweinetengine16ex_firmwareMatchv200r006c10

huaweinetengine16ex_firmwareMatchv200r007c00

AND

huaweinetengine16exMatch-

Node

huaweisrg1300_firmwareMatchv200r006c10

huaweisrg1300_firmwareMatchv200r007c00

huaweisrg1300_firmwareMatchv200r007c02

AND

huaweisrg1300Match-

Node

huaweisrg2300_firmwareMatchv200r006c10

huaweisrg2300_firmwareMatchv200r007c00

huaweisrg2300_firmwareMatchv200r007c02

AND

huaweisrg2300Match-

Node

huaweisrg3300_firmwareMatchv200r006c10

huaweisrg3300_firmwareMatchv200r007c00

AND

huaweisrg3300Match-

CPENameOperatorVersion
huawei:ar120-s_firmwarehuawei ar120-s firmwareeqv200r006c10
huawei:ar120-s_firmwarehuawei ar120-s firmwareeqv200r007c00

CPE	Name	Operator	Version
huawei:ar120-s_firmware	huawei ar120-s firmware	eq	v200r006c10
huawei:ar120-s_firmware	huawei ar120-s firmware	eq	v200r007c00

CNA Affected

[
  {
    "product": "AR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR3600,AR510,NetEngine16EX,SRG1300,SRG2300,SRG3300",
    "vendor": "Huawei Technologies Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S V200R006C10, V200R007C00, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C02, AR200 V200R006C10, V200R007C00, AR200-S V200R006C10, V200R007C00, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C02, AR2200-S V200R006C10, V200R007C00, V200R008C20, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C02, AR3600 V200R006C10, V200R007C00, AR510 V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, NetEngine16EX V200R006C10, V200R007C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, SRG2300 V200R006C10, V200R007C00, V200R007C02, SRG3300 V200R006C10, V200R007C00"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-01-ike-en

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.6%

JSON

Related for CVE-2017-17160

huawei1 openvas1 nvd1 prion1 cvelist1