Details of VAR-201801-1818

ID

VAR-201801-1818

TITLE

H3 Protocol Resource Management Vulnerabilities in Various Huawei Products

Trust: 0.6

sources: CNVD: CNVD-2018-00345

DESCRIPTION

Huawei AR series routers, DP300, NetEngine16EX and other Chinese Huawei products. A resource management vulnerability exists in the H323 protocol of several Huawei products. The vulnerability is due to the failure of the H323 protocol to fully verify the packets. When the application fails, the attacker can send a malformed packet to the device to attack, which can cause the process to crash.

Trust: 0.6

sources: CNVD: CNVD-2018-00345

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-00345

AFFECTED PRODUCTS

vendor:	huawei	model:	ar3200 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	dp300 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v100r001c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	tp3106 v100r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	tp3206 v100r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v100r001c02	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar120-s v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar120-s v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar120-s v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar120-s v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200 v200r006c13	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200 v200r007c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200 v200r007c02	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200 v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200 v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200-s v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200-s v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200-s v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar1200-s v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150 v200r007c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150 v200r007c02	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150 v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150 v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150-s v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150-s v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150-s v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar150-s v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar160 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar160 v200r006c12	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar160 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar160 v200r007c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar160 v200r007c02	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar160 v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar160 v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200 v200r007c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200 v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200 v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200-s v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200-s v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200-s v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar200-s v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r006c16pwe	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r006c13	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r007c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r007c02	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200 v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r006c11	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r007c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r007c02	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r008c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r008c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3200 v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar510 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar510 v200r006c12	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar510 v200r006c13	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar510 v200r006c15	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar510 v200r006c16	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar510 v200r006c17	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar510 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar510 v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar510 v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	netengine16ex v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	netengine16ex v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	netengine16ex v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	netengine16ex v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg1300 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg1300 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg1300 v200r007c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg1300 v200r007c02	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg1300 v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg1300 v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg2300 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg2300 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg2300 v200r007c02	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg2300 v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg2300 v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg3300 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg3300 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg3300 v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	srg3300 v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200-s v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200-s v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200-s v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar2200-s v200r008c30	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3600 v200r006c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3600 v200r007c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3600 v200r008c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ar3600 v200r007c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	tp3206 v100r002c10	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-00345

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-00345
value:	LOW
Trust: 0.6

CNVD:	CNVD-2018-00345
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2018-00345

PATCH

title:

Patches for various Huawei product H323 protocol resource management vulnerabilities

url:

https://www.cnvd.org.cn/patchinfo/show/112741

Trust: 0.6

sources: CNVD: CNVD-2018-00345

EXTERNAL IDS

db:

CNVD

id:

CNVD-2018-00345

Trust: 0.6

sources: CNVD: CNVD-2018-00345

REFERENCES

url:

http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171227-01-h323-cn

Trust: 0.6

sources: CNVD: CNVD-2018-00345

SOURCES

db:

CNVD

id:

CNVD-2018-00345

LAST UPDATE DATE

2022-05-04T09:56:37.706000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-00345

date:

2018-01-05T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2018-00345

date:

2018-01-05T00:00:00