Lucene search

[email protected]NVD:CVE-2017-17281

HistoryMar 09, 2018 - 5:29 p.m.

CVE-2017-17281

2018-03-0917:29:01

CWE-125

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.2

Confidence

High

EPSS

0.001

Percentile

34.9%

JSON

SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds read vulnerability. A remote, authenticated attacker could exploit this vulnerability by sending specially crafted messages to a target device. Successful exploit may cause some information leak.

Affected configurations

Nvd

Node

huaweidp300_firmwareMatchv500r002c00

AND

huaweidp300Match-

Node

huaweirp200_firmwareMatchv600r006c00

AND

huaweirp200Match-

Node

huaweite30_firmwareMatchv100r001c10

huaweite30_firmwareMatchv500r002c00

huaweite30_firmwareMatchv600r006c00

AND

huaweite30Match-

Node

huaweite40_firmwareMatchv500r002c00

huaweite40_firmwareMatchv600r006c00

AND

huaweite40Match-

Node

huaweite50_firmwareMatchv500r002c00

huaweite50_firmwareMatchv600r006c00

AND

huaweite50Match-

Node

huaweite60_firmwareMatchv100r001c10

huaweite60_firmwareMatchv500r002c00

huaweite60_firmwareMatchv600r006c00

AND

huaweite60Match-

VendorProductVersionCPE
huaweidp300_firmwarev500r002c00cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*
huaweidp300-cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*
huaweirp200_firmwarev600r006c00cpe:2.3:o:huawei:rp200_firmware:v600r006c00:*:*:*:*:*:*:*
huaweirp200-cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:*
huaweite30_firmwarev100r001c10cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:*
huaweite30_firmwarev500r002c00cpe:2.3:o:huawei:te30_firmware:v500r002c00:*:*:*:*:*:*:*
huaweite30_firmwarev600r006c00cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:*
huaweite30-cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*
huaweite40_firmwarev500r002c00cpe:2.3:o:huawei:te40_firmware:v500r002c00:*:*:*:*:*:*:*
huaweite40_firmwarev600r006c00cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	dp300_firmware	v500r002c00	cpe:2.3:o:huawei:dp300_firmware:v500r002c00:::::::*
huawei	dp300	-	cpe:2.3:h:huawei:dp300:-:::::::*
huawei	rp200_firmware	v600r006c00	cpe:2.3:o:huawei:rp200_firmware:v600r006c00:::::::*
huawei	rp200	-	cpe:2.3:h:huawei:rp200:-:::::::*
huawei	te30_firmware	v100r001c10	cpe:2.3:o:huawei:te30_firmware:v100r001c10:::::::*
huawei	te30_firmware	v500r002c00	cpe:2.3:o:huawei:te30_firmware:v500r002c00:::::::*
huawei	te30_firmware	v600r006c00	cpe:2.3:o:huawei:te30_firmware:v600r006c00:::::::*
huawei	te30	-	cpe:2.3:h:huawei:te30:-:::::::*
huawei	te40_firmware	v500r002c00	cpe:2.3:o:huawei:te40_firmware:v500r002c00:::::::*
huawei	te40_firmware	v600r006c00	cpe:2.3:o:huawei:te40_firmware:v600r006c00:::::::*

Rows per page:

1-10 of 181

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20180228-01-sftp-en

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.2

Confidence

High

EPSS

0.001

Percentile

34.9%

JSON

Related for NVD:CVE-2017-17281

cve1 huawei1 prion1 cvelist1