Lucene search

[email protected]CVE-2017-17166

HistoryFeb 15, 2018 - 4:29 p.m.

CVE-2017-17166

2018-02-1516:29:02

CWE-400

[email protected]

web.nvd.nist.gov

huawei

v500r002

v500r001c00

resource exhaustion

vulnerability

h.323

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.2%

JSON

Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, TP3206 V100R002C00, VP9660 V500R002C00, V500R002C10 have a resource exhaustion vulnerability. The software does not process certain field of H.323 message properly, a remote unauthenticated attacker could send crafted H.323 message to the device, successful exploit could cause certain service unavailable since the stack memory is exhausted.

Affected configurations

NVD

Node

huaweidp300_firmwareMatchv500r002c00

AND

huaweidp300Match-

Node

huaweisecospace_usg6300_firmwareMatchv500r001c00

huaweisecospace_usg6300_firmwareMatchv500r001c20

huaweisecospace_usg6300_firmwareMatchv500r001c30

huaweisecospace_usg6300_firmwareMatchv500r001c50

AND

huaweisecospace_usg6300Match-

Node

huaweisecospace_usg6500_firmwareMatchv500r001c00

huaweisecospace_usg6500_firmwareMatchv500r001c20

huaweisecospace_usg6500_firmwareMatchv500r001c30

huaweisecospace_usg6500_firmwareMatchv500r001c50

AND

huaweisecospace_usg6500Match-

Node

huaweisecospace_usg6600_firmwareMatchv500r001c00

huaweisecospace_usg6600_firmwareMatchv500r001c20

huaweisecospace_usg6600_firmwareMatchv500r001c30

huaweisecospace_usg6600_firmwareMatchv500r001c50

AND

huaweisecospace_usg6600Match-

Node

huaweitp3206_firmwareMatchv100r002c00

AND

huaweitp3206Match-

Node

huaweivp9660_firmwareMatchv500r002c00

huaweivp9660_firmwareMatchv500r002c10

AND

huaweivp9660Match-

CPENameOperatorVersion
huawei:dp300_firmwarehuawei dp300 firmwareeqv500r002c00

CPE	Name	Operator	Version
huawei:dp300_firmware	huawei dp300 firmware	eq	v500r002c00

CNA Affected

[
  {
    "product": "DP300, Secospace USG6300,Secospace USG6500,Secospace USG6600,TP3206, VP9660",
    "vendor": "Huawei Technologies Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "DP300 V500R002C00,Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50,Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50,Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50,TP3206 V100R002C00,VP9660 V500R002C00, V500R002C10"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-02-h323-en

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.2%

JSON

Related for CVE-2017-17166

prion1 cvelist1 openvas1 nvd1 huawei1