Details of VAR-201801-1823

ID

VAR-201801-1823

TITLE

Multiple Huawei Products CRYPTO Module Null Pointer Reference Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-00337

DESCRIPTION

Huawei DP300, RP200, TE30/40/50/60, TP3106/3206, and ViewPoint9030 are Huawei's integrated desktop telepresence products and high-definition video conferencing terminal products for high-end customers. A buffer overflow vulnerability exists in the CRYPTO module of several Huawei products. The vulnerability is due to the program not fully verifying the input. An unauthenticated local attacker exploiting this vulnerability by constructing a file containing a null pointer with a parameter value can cause the system to reboot.

Trust: 0.6

sources: CNVD: CNVD-2018-00337

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-00337

AFFECTED PRODUCTS

vendor:	huawei	model:	dp300 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v100r001c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	tp3106 v100r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	viewpoint v100r011c03	scope:	eq	version:	9030	Trust: 0.6
vendor:	huawei	model:	viewpoint v100r011c02	scope:	eq	version:	9030	Trust: 0.6
vendor:	huawei	model:	tp3206 v100r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	rp200 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	rp200 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v100r001c02	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	tp3206 v100r002c10	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-00337

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-00337
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2018-00337
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2018-00337

PATCH

title:

Patches for various Huawei products CRYPTO module null pointer reference vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/112707

Trust: 0.6

sources: CNVD: CNVD-2018-00337

EXTERNAL IDS

db:

CNVD

id:

CNVD-2018-00337

Trust: 0.6

sources: CNVD: CNVD-2018-00337

REFERENCES

url:

http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20180103-01-crypto-cn

Trust: 0.6

sources: CNVD: CNVD-2018-00337

SOURCES

db:

CNVD

id:

CNVD-2018-00337

LAST UPDATE DATE

2022-05-04T10:11:55.933000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-00337

date:

2018-01-05T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2018-00337

date:

2018-01-05T00:00:00