Details of VAR-201801-1843

ID

VAR-201801-1843

TITLE

Multiple Huawei Products CRYPTO Module Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-00336

DESCRIPTION

Huawei DP300, RP200, TE30/40/50/60, TP3106/3206, and ViewPoint9030 are Huawei's integrated desktop telepresence products and high-definition video conferencing terminal products for high-end customers. A buffer overflow vulnerability exists in the CRYPTO module of several Huawei products. The vulnerability is due to the program not fully verifying the input. An unauthenticated local attacker exploiting the vulnerability by constructing a file containing parameters longer than the maximum value can cause the system to reboot.

Trust: 0.6

sources: CNVD: CNVD-2018-00336

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-00336

AFFECTED PRODUCTS

vendor:	huawei	model:	dp300 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v100r001c01	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	tp3106 v100r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	viewpoint v100r011c03	scope:	eq	version:	9030	Trust: 0.6
vendor:	huawei	model:	viewpoint v100r011c02	scope:	eq	version:	9030	Trust: 0.6
vendor:	huawei	model:	tp3206 v100r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	rp200 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	rp200 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v100r001c02	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te30 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te40 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v500r002c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te50 v600r006c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	te60 v100r001c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	tp3206 v100r002c10	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-00336

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-00336
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2018-00336
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2018-00336

PATCH

title:

Patch of multiple Huawei product CRYPTO module buffer overflow vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/112705

Trust: 0.6

sources: CNVD: CNVD-2018-00336

EXTERNAL IDS

db:

CNVD

id:

CNVD-2018-00336

Trust: 0.6

sources: CNVD: CNVD-2018-00336

REFERENCES

url:

http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20180103-01-crypto-cn

Trust: 0.6

sources: CNVD: CNVD-2018-00336

SOURCES

db:

CNVD

id:

CNVD-2018-00336

LAST UPDATE DATE

2022-05-04T09:29:16.913000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-00336

date:

2018-01-05T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2018-00336

date:

2018-01-05T00:00:00