Lucene search

Huawei TechnologiesHUAWEI-SA-20171220-03-WINDOWS

HistoryDec 20, 2017 - 12:00 a.m.

Security Advisory - Two Remote Code Execution Vulnerabilities in Microsoft Windows

2017-12-2000:00:00

Huawei Technologies

www.huawei.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.144 Low

EPSS

Percentile

95.8%

JSON

Microsoft released a security advisory to disclose a remote code execution vulnerability in Microsoft Server Message Block 1.0 (SMBv1). A remote attacker could send a specially crafted packet to a targeted SMBv1 server. The attacker could exploit the vulnerability to gain the ability to execute code on the target server. (Vulnerability ID: HWPSIRT-2017-10071)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-11780.

Microsoft released a security advisory to disclose a remote code execution vulnerability in Windows Search. An unauthenticated, remote attacker could send specially crafted messages to the Windows Search service. The attacker could exploit the vulnerability to elevate privileges and take control of the computer. (Vulnerability ID: HWPSIRT-2017-10072)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-11771.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-03-windows-en

Affected configurations

Vulners

Node

huaweianyofficeMatchv200r002c10

huaweianyofficeMatchv200r002c20

huaweianyofficeMatchv200r005c02

huawein2000_applianceMatchv100r001c00

huaweioceanstor_ismMatchv100r001c00

huaweioceanstor_ismMatchv100r001c10

huaweioceanstor_ismMatchv100r001c20

huaweioceanstor_ismMatchv100r001c30

huaweioceanstor_ismMatchv100r001c99

huaweioceanstor_5800_v3Matchv300r003c00

huaweioceanstor_5800_v3Matchv300r003c10

huaweioceanstor_5800_v3Matchv300r003c20

huaweioceanstor_5800_v3Matchv300r006c00

huawei18800Matchv100r001c00

huawei18800Matchv100r001c10

huawei18800Matchv100r001c20

huawei18800Matchv100r001c30

huawei18800Matchv100r001c99

huaweioceanstor_5800_v3Matchv300r003c00

huaweioceanstor_5800_v3Matchv300r003c10

huaweioceanstor_5800_v3Matchv300r003c20

huaweioceanstor_5800_v3Matchv300r006c00

huaweioceanstor_ismMatchv100r001c00

huaweismc2.0Matchv100r003c10

huaweismc2.0Matchv100r005c00

huaweismc2.0Matchv500r002c00

huaweismc2.0Matchv600r006c00

huaweiuc_audio_recorderMatchv100r001c02

huaweiumaMatchv200r001c00

huaweielogMatchv200r003c10

huaweiespace_8950Matchv200r001c50

huaweiespace_8950Matchv200r003c00

huaweiespace_8950Matchv300r001c00

huaweiespace_8950Matchv200r001c50

CPENameOperatorVersion
anyofficeeqV200R002C10
anyofficeeqV200R002C20
anyofficeeqV200R005C02
n2000 applianceeqV100R001C00
oceanstor 18500eqV100R001C00
oceanstor 18500eqV100R001C10
oceanstor 18500eqV100R001C20
oceanstor 18500eqV100R001C30
oceanstor 18500eqV100R001C99
oceanstor 18500 v3eqV300R003C00

Name	Operator	Version
anyoffice	eq	V200R002C10
anyoffice	eq	V200R002C20
anyoffice	eq	V200R005C02
n2000 appliance	eq	V100R001C00
oceanstor 18500	eq	V100R001C00
oceanstor 18500	eq	V100R001C10
oceanstor 18500	eq	V100R001C20
oceanstor 18500	eq	V100R001C30
oceanstor 18500	eq	V100R001C99
oceanstor 18500 v3	eq	V300R003C00