Lucene search

[email protected]CVE-2017-17281

HistoryMar 09, 2018 - 5:29 p.m.

CVE-2017-17281

2018-03-0917:29:01

CWE-125

[email protected]

web.nvd.nist.gov

cve-2017-17281

sftp module

huawei

dp300

rp200

te30

te40

te50

te60

v500r002c00

v600r006c00

v100r001c10

information leak

remote attacker

authenticated

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.1%

JSON

SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds read vulnerability. A remote, authenticated attacker could exploit this vulnerability by sending specially crafted messages to a target device. Successful exploit may cause some information leak.

Affected configurations

NVD

Node

huaweidp300_firmwareMatchv500r002c00

AND

huaweidp300Match-

Node

huaweirp200_firmwareMatchv600r006c00

AND

huaweirp200Match-

Node

huaweite30_firmwareMatchv100r001c10

huaweite30_firmwareMatchv500r002c00

huaweite30_firmwareMatchv600r006c00

AND

huaweite30Match-

Node

huaweite40_firmwareMatchv500r002c00

huaweite40_firmwareMatchv600r006c00

AND

huaweite40Match-

Node

huaweite50_firmwareMatchv500r002c00

huaweite50_firmwareMatchv600r006c00

AND

huaweite50Match-

Node

huaweite60_firmwareMatchv100r001c10

huaweite60_firmwareMatchv500r002c00

huaweite60_firmwareMatchv600r006c00

AND

huaweite60Match-

CPENameOperatorVersion
huawei:dp300_firmwarehuawei dp300 firmwareeqv500r002c00

CPE	Name	Operator	Version
huawei:dp300_firmware	huawei dp300 firmware	eq	v500r002c00

CNA Affected

[
  {
    "product": "DP300; RP200; TE30; TE40; TE50; TE60",
    "vendor": "Huawei Technologies Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "DP300 V500R002C00"
      },
      {
        "status": "affected",
        "version": "RP200 V600R006C00"
      },
      {
        "status": "affected",
        "version": "TE30 V100R001C10"
      },
      {
        "status": "affected",
        "version": "V500R002C00"
      },
      {
        "status": "affected",
        "version": "V600R006C00"
      },
      {
        "status": "affected",
        "version": "TE40 V500R002C00"
      },
      {
        "status": "affected",
        "version": "TE50 V500R002C00"
      },
      {
        "status": "affected",
        "version": "TE60 V100R001C10"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20180228-01-sftp-en

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.1%

JSON

Related for CVE-2017-17281

prion1 cvelist1 nvd1 huawei1