Lucene search

HuaweiCVE-2017-17300

HistoryFeb 15, 2018 - 4:29 p.m.

CVE-2017-17300

2018-02-1516:29:03

CWE-20

huawei

web.nvd.nist.gov

huawei

cve-2017-17300

vulnerability

numeric errors

tcp

keychain authentication

nvd

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.002

Percentile

60.0%

JSON

Huawei S12700 V200R008C00, V200R009C00, S5700 V200R007C00, V200R008C00, V200R009C00, S6700 V200R008C00, V200R009C00, S7700 V200R008C00, V200R009C00, S9700 V200R008C00, V200R009C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send specific TCP messages with keychain authentication option to the affected products. Due to the improper validation of the messages, it will cause numeric errors when handling the messages. Successful exploit will cause the affected products to reset.

Affected configurations

Nvd

Node

huaweis12700_firmwareMatchv200r008c00

huaweis12700_firmwareMatchv200r009c00

AND

huaweis12700Match-

Node

huaweis5700_firmwareMatchv200r007c00

huaweis5700_firmwareMatchv200r008c00

huaweis5700_firmwareMatchv200r009c00

AND

huaweis5700Match-

Node

huaweis6700_firmwareMatchv200r008c00

huaweis6700_firmwareMatchv200r009c00

AND

huaweis6700Match-

Node

huaweis7700_firmwareMatchv200r008c00

huaweis7700_firmwareMatchv200r009c00

AND

huaweis7700Match-

Node

huaweis9700_firmwareMatchv200r008c00

huaweis9700_firmwareMatchv200r009c00

AND

huaweis9700Match-

VendorProductVersionCPE
huaweis12700_firmwarev200r008c00cpe:2.3:o:huawei:s12700_firmware:v200r008c00:*:*:*:*:*:*:*
huaweis12700_firmwarev200r009c00cpe:2.3:o:huawei:s12700_firmware:v200r009c00:*:*:*:*:*:*:*
huaweis12700-cpe:2.3:h:huawei:s12700:-:*:*:*:*:*:*:*
huaweis5700_firmwarev200r007c00cpe:2.3:o:huawei:s5700_firmware:v200r007c00:*:*:*:*:*:*:*
huaweis5700_firmwarev200r008c00cpe:2.3:o:huawei:s5700_firmware:v200r008c00:*:*:*:*:*:*:*
huaweis5700_firmwarev200r009c00cpe:2.3:o:huawei:s5700_firmware:v200r009c00:*:*:*:*:*:*:*
huaweis5700-cpe:2.3:h:huawei:s5700:-:*:*:*:*:*:*:*
huaweis6700_firmwarev200r008c00cpe:2.3:o:huawei:s6700_firmware:v200r008c00:*:*:*:*:*:*:*
huaweis6700_firmwarev200r009c00cpe:2.3:o:huawei:s6700_firmware:v200r009c00:*:*:*:*:*:*:*
huaweis6700-cpe:2.3:h:huawei:s6700:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	s12700_firmware	v200r008c00	cpe:2.3:o:huawei:s12700_firmware:v200r008c00:::::::*
huawei	s12700_firmware	v200r009c00	cpe:2.3:o:huawei:s12700_firmware:v200r009c00:::::::*
huawei	s12700	-	cpe:2.3:h:huawei:s12700:-:::::::*
huawei	s5700_firmware	v200r007c00	cpe:2.3:o:huawei:s5700_firmware:v200r007c00:::::::*
huawei	s5700_firmware	v200r008c00	cpe:2.3:o:huawei:s5700_firmware:v200r008c00:::::::*
huawei	s5700_firmware	v200r009c00	cpe:2.3:o:huawei:s5700_firmware:v200r009c00:::::::*
huawei	s5700	-	cpe:2.3:h:huawei:s5700:-:::::::*
huawei	s6700_firmware	v200r008c00	cpe:2.3:o:huawei:s6700_firmware:v200r008c00:::::::*
huawei	s6700_firmware	v200r009c00	cpe:2.3:o:huawei:s6700_firmware:v200r009c00:::::::*
huawei	s6700	-	cpe:2.3:h:huawei:s6700:-:::::::*

Rows per page:

1-10 of 161

CNA Affected

[
  {
    "product": "S12700,S5700,S6700,S7700,S9700",
    "vendor": "Huawei Technologies Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "S12700 V200R008C00, V200R009C00, S5700 V200R007C00, V200R008C00, V200R009C00, S6700 V200R008C00, V200R009C00, S7700 V200R008C00, V200R009C00, S9700 V200R008C00, V200R009C00"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-router-en

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.002

Percentile

60.0%

JSON

Related for CVE-2017-17300