Details of VAR-201801-1828

ID

VAR-201801-1828

TITLE

Multiple Huawei Product Memory Leak Vulnerabilities (CNVD-2018-00338)

Trust: 0.6

sources: CNVD: CNVD-2018-00338

DESCRIPTION

Huawei DP300, RP200, TE30/40/50/60, and TP3106/3206 are Huawei's integrated desktop telepresence products and high-definition video conferencing terminal products for high-end customers. A memory leak vulnerability exists in several Huawei products because the program did not adequately verify the message. An unauthenticated remote attacker initiates a connection remotely through the SFTP/SSH protocol and sends a malformed message to the affected device, which can lead to memory leaks and a denial of service attack.

Trust: 0.6

sources: CNVD: CNVD-2018-00338

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-00338

AFFECTED PRODUCTS

vendor:	huawei	model:	dp300 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v100r001c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	tp3106 v100r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	tp3206 v100r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	rp200 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v100r001c02	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	rp200 v500r002c00spc200	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	tp3206 v100r002c10	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-00338

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-00338
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2018-00338
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2018-00338

PATCH

title:

Patch of several Huawei product memory leak vulnerabilities (CNVD-2018-00338)

url:

https://www.cnvd.org.cn/patchinfo/show/112709

Trust: 0.6

sources: CNVD: CNVD-2018-00338

EXTERNAL IDS

db:

CNVD

id:

CNVD-2018-00338

Trust: 0.6

sources: CNVD: CNVD-2018-00338

REFERENCES

url:

http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20180103-01-sftp-cn

Trust: 0.6

sources: CNVD: CNVD-2018-00338

SOURCES

db:

CNVD

id:

CNVD-2018-00338

LAST UPDATE DATE

2022-05-04T10:08:30.762000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-00338

date:

2018-01-05T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2018-00338

date:

2018-01-05T00:00:00