ID

VAR-201803-1038


CVE

CVE-2017-17222


TITLE

Huawei eSpace 7950 and 8950 Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012827

DESCRIPTION

The Import Language Package function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send packets to the affected products after a Language Package is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code. Huawei eSpace 7950 and 8950 contain an input validation vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Huawei eSpace 7950 and 8950 are Huawei's 7950 and 8950 series IP phones. The vulnerability is due to the program failing to adequately verify the message. After uploading a signal tone or language pack, a remote attacker can attack the device by sending a packet with special parameters, resulting in arbitrary code execution. Failed exploit attempts will likely cause a denial-of-service condition.

Trust: 2.52

sources: NVD: CVE-2017-17222 // JVNDB: JVNDB-2017-012827 // CNVD: CNVD-2018-02550 // BID: 103440 // VULHUB: VHN-108223

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-02550

AFFECTED PRODUCTS

vendor: huawei, model: espace 8950, scope: eq, version: v200r003c00

Trust: 1.6

vendor: huawei, model: espace 7950, scope: eq, version: v200r003c30

Trust: 1.6

vendor: huawei, model: espace 8950, scope: eq, version: v200r003c30

Trust: 1.6

vendor: huawei, model: espace v200r003c30, scope: eq, version: 7950

Trust: 0.9

vendor: huawei, model: espace v200r003c00, scope: eq, version: 8950

Trust: 0.9

vendor: huawei, model: espace v200r003c30, scope: eq, version: 8950

Trust: 0.9

vendor: huawei, model: espace 7950, scope: -, version: -

Trust: 0.8

vendor: huawei, model: espace 8950, scope: -, version: -

Trust: 0.8

vendor: huawei, model: espace v200r003c30spc300, scope: ne, version: 8950

Trust: 0.3

vendor: huawei, model: espace v200r003c00spcr00, scope: ne, version: 8950

Trust: 0.3

vendor: huawei, model: espace v200r003c30spc700, scope: ne, version: 7950

Trust: 0.3

sources: CNVD: CNVD-2018-02550 // BID: 103440 // JVNDB: JVNDB-2017-012827 // CNNVD: CNNVD-201803-303 // NVD: CVE-2017-17222

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17222
value: HIGH

Trust: 1.0

NVD: CVE-2017-17222
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-02550
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-303
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108223
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17222
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-02550
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108223
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17222
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-02550 // VULHUB: VHN-108223 // JVNDB: JVNDB-2017-012827 // CNNVD: CNNVD-201803-303 // NVD: CVE-2017-17222

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-108223 // JVNDB: JVNDB-2017-012827 // NVD: CVE-2017-17222

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-303

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201803-303

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012827

PATCH

title: huawei-sa-20180131-01-espace, url: http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en

Trust: 0.8

title: Patch for Huawei eSpace 7950 and 8950 Remote Code Execution Vulnerability (CNVD-2018-02550), url: https://www.cnvd.org.cn/patchInfo/show/115317

Trust: 0.6

title: Huawei eSpace 8950 and 7950 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79025

Trust: 0.6

sources: CNVD: CNVD-2018-02550 // JVNDB: JVNDB-2017-012827 // CNNVD: CNNVD-201803-303

EXTERNAL IDS

db: NVD, id: CVE-2017-17222

Trust: 3.4

db: JVNDB, id: JVNDB-2017-012827

Trust: 0.8

db: CNVD, id: CNVD-2018-02550

Trust: 0.6

db: NSFOCUS, id: 39168

Trust: 0.6

db: CNNVD, id: CNNVD-201803-303

Trust: 0.6

db: BID, id: 103440

Trust: 0.4

db: VULHUB, id: VHN-108223

Trust: 0.1

sources: CNVD: CNVD-2018-02550 // VULHUB: VHN-108223 // BID: 103440 // JVNDB: JVNDB-2017-012827 // CNNVD: CNNVD-201803-303 // NVD: CVE-2017-17222

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17222

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-17222

Trust: 0.8

url:http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-cn

Trust: 0.6

url:http://www.nsfocus.net/vulndb/39168

Trust: 0.6

url:http://www.huawei.com/en/

Trust: 0.3

sources: CNVD: CNVD-2018-02550 // VULHUB: VHN-108223 // BID: 103440 // JVNDB: JVNDB-2017-012827 // CNNVD: CNNVD-201803-303 // NVD: CVE-2017-17222

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103440

SOURCES

db: CNVD, id: CNVD-2018-02550
db: VULHUB, id: VHN-108223
db: BID, id: 103440
db: JVNDB, id: JVNDB-2017-012827
db: CNNVD, id: CNNVD-201803-303
db: NVD, id: CVE-2017-17222

LAST UPDATE DATE

2024-11-23T22:12:39.097000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-02550, date: 2018-02-01T00:00:00
db: VULHUB, id: VHN-108223, date: 2018-03-27T00:00:00
db: BID, id: 103440, date: 2018-01-31T00:00:00
db: JVNDB, id: JVNDB-2017-012827, date: 2018-04-20T00:00:00
db: CNNVD, id: CNNVD-201803-303, date: 2018-03-13T00:00:00
db: NVD, id: CVE-2017-17222, date: 2024-11-21T03:17:41.567

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-02550, date: 2018-02-01T00:00:00
db: VULHUB, id: VHN-108223, date: 2018-03-09T00:00:00
db: BID, id: 103440, date: 2018-01-31T00:00:00
db: JVNDB, id: JVNDB-2017-012827, date: 2018-04-20T00:00:00
db: CNNVD, id: CNNVD-201803-303, date: 2018-03-13T00:00:00
db: NVD, id: CVE-2017-17222, date: 2018-03-09T17:29:01.283