Details of VAR-201704-0902

ID

VAR-201704-0902

CVE

CVE-2017-2153

TITLE

SEIL Series routers vulnerable to denial-of-service (DoS)

Trust: 0.8

sources: JVNDB: JVNDB-2017-000071

DESCRIPTION

SEIL/x86 Fuji 1.70 to 5.62, SEIL/BPV4 5.00 to 5.62, SEIL/X1 1.30 to 5.62, SEIL/X2 1.30 to 5.62, SEIL/B1 1.00 to 5.62 allows remote attackers to cause a denial of service via specially crafted IPv4 UDP packets. The DNS forwarder, the PPP Access Concentrator (L2TP) and the Measure(iPerf server) function in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service (DoS) vulnerability due to a flaw in processing certain packets. Internet Initiative Japan Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Internet Initiative Japan Inc. coordinated under the Information Security Early Warning Partnership.Receiving a specially crafted SSTP packet may result in the device becoming unresponsive. The following products and versions are affected: SEIL/x86 Fuji versions 1.70 to 5.62, SEIL/BPV4 versions 5.00 to 5.62, SEIL/X1 versions 1.30 to 5.62, SEIL/X2 versions 1.30 to 5.62, SEIL/B1 versions 1.00 to 5.62

Trust: 2.25

sources: NVD: CVE-2017-2153 // JVNDB: JVNDB-2017-000071 // CNVD: CNVD-2017-07494 // VULHUB: VHN-110356

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-07494

AFFECTED PRODUCTS

vendor:	seil	model:	x1	scope:	eq	version:	-	Trust: 1.6
vendor:	seil	model:	bpv 4	scope:	eq	version:	-	Trust: 1.6
vendor:	seil	model:	x2	scope:	eq	version:	-	Trust: 1.6
vendor:	seil	model:	b1	scope:	eq	version:	-	Trust: 1.6
vendor:	seil	model:	x86 fuji	scope:	eq	version:	-	Trust: 1.6
vendor:	internet initiative	model:	seil/b1	scope:	eq	version:	1.00 to 5.62	Trust: 0.8
vendor:	internet initiative	model:	seil/bpv4	scope:	eq	version:	5.00 to 5.62	Trust: 0.8
vendor:	internet initiative	model:	seil/x1	scope:	eq	version:	1.30 to 5.62	Trust: 0.8
vendor:	internet initiative	model:	seil/x2	scope:	eq	version:	1.30 to 5.62	Trust: 0.8
vendor:	internet initiative	model:	seil/x86 fuji	scope:	eq	version:	1.70 to 5.62	Trust: 0.8
vendor:	internet initiative	model:	seil/b1	scope:	gte	version:	1.00,<=5.62	Trust: 0.6
vendor:	internet initiative	model:	seil/bpv4	scope:	gte	version:	5.00,<=5.62	Trust: 0.6
vendor:	internet initiative	model:	seil/x1	scope:	gte	version:	1.30,<=5.62	Trust: 0.6
vendor:	internet initiative	model:	seil/x2	scope:	gte	version:	1.30,<=5.62	Trust: 0.6
vendor:	internet initiative	model:	seil/x86 fuji	scope:	gte	version:	1.70,<=5.62	Trust: 0.6

sources: CNVD: CNVD-2017-07494 // JVNDB: JVNDB-2017-000071 // CNNVD: CNNVD-201705-095 // NVD: CVE-2017-2153

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2153
value:	HIGH
Trust: 1.0
IPA:	JVNDB-2017-000071
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-07494
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201705-095
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-110356
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-2153
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2017-000071
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2017-07494
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-110356
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2153
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.0
IPA:	JVNDB-2017-000071
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2017-07494 // VULHUB: VHN-110356 // JVNDB: JVNDB-2017-000071 // CNNVD: CNNVD-201705-095 // NVD: CVE-2017-2153

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-110356 // JVNDB: JVNDB-2017-000071 // NVD: CVE-2017-2153

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-095

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201705-095

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-000071

PATCH

title:	Information from Internet Initiative Japan Inc.	url:	http://www.seil.jp/support/security/a01783.html	Trust: 0.8
title:	Patch for Multiple Internet Initiative Japan Product Denial of Service Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/94414	Trust: 0.6
title:	Multiple Internet Initiative Japan Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69770	Trust: 0.6

sources: CNVD: CNVD-2017-07494 // JVNDB: JVNDB-2017-000071 // CNNVD: CNNVD-201705-095

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2153	Trust: 3.1
db:	JVN	id:	JVN86171513	Trust: 2.5
db:	JVNDB	id:	JVNDB-2017-000071	Trust: 0.8
db:	CNNVD	id:	CNNVD-201705-095	Trust: 0.7
db:	CNVD	id:	CNVD-2017-07494	Trust: 0.6
db:	VULHUB	id:	VHN-110356	Trust: 0.1

sources: CNVD: CNVD-2017-07494 // VULHUB: VHN-110356 // JVNDB: JVNDB-2017-000071 // CNNVD: CNNVD-201705-095 // NVD: CVE-2017-2153

REFERENCES

url:	http://jvn.jp/en/jp/jvn86171513/index.html	Trust: 2.5
url:	http://www.seil.jp/support/security/a01783.html	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2153	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2153	Trust: 0.8

sources: VULHUB: VHN-110356 // JVNDB: JVNDB-2017-000071 // CNNVD: CNNVD-201705-095 // NVD: CVE-2017-2153

SOURCES

db:	CNVD	id:	CNVD-2017-07494
db:	VULHUB	id:	VHN-110356
db:	JVNDB	id:	JVNDB-2017-000071
db:	CNNVD	id:	CNNVD-201705-095
db:	NVD	id:	CVE-2017-2153

LAST UPDATE DATE

2025-04-20T23:32:59.352000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-07494	date:	2019-05-17T00:00:00
db:	VULHUB	id:	VHN-110356	date:	2017-05-11T00:00:00
db:	JVNDB	id:	JVNDB-2017-000071	date:	2017-06-06T00:00:00
db:	CNNVD	id:	CNNVD-201705-095	date:	2017-05-03T00:00:00
db:	NVD	id:	CVE-2017-2153	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-07494	date:	2017-05-25T00:00:00
db:	VULHUB	id:	VHN-110356	date:	2017-04-28T00:00:00
db:	JVNDB	id:	JVNDB-2017-000071	date:	2017-04-19T00:00:00
db:	CNNVD	id:	CNNVD-201705-095	date:	2017-04-28T00:00:00
db:	NVD	id:	CVE-2017-2153	date:	2017-04-28T16:59:02.060