ID

VAR-201803-1039


CVE

CVE-2017-17223


TITLE

Path traversal vulnerability in multiple Huawei eSpace products

Trust: 0.8

sources: JVNDB: JVNDB-2017-012797

DESCRIPTION

Huawei eSpace 7910 V200R003C30, eSpace 7950 V200R003C30, and eSpace 8950 V200R003C00 and V200R003C30 have a directory traversal vulnerability. An authenticated, remote attacker can send a specially crafted URL to the affected products. Because the URL is insufficiently verified, a successful exploit allows the attacker to upload and download files, causing an information leak and a system crash. Multiple Huawei eSpace products contain a path traversal vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei eSpace 7910, 7950, and 8950 are IP phone series from China. The vulnerability is caused by the device failing to adequately verify the URL. Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to read arbitrary files in the context of the application. This may aid in further attacks. The following products and versions are affected: Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V200R003C00 and V200R003C30.

Trust: 2.52

sources: NVD: CVE-2017-17223 // JVNDB: JVNDB-2017-012797 // CNVD: CNVD-2018-02551 // BID: 103446 // VULHUB: VHN-108224

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-02551

AFFECTED PRODUCTS

vendor: huawei
model: espace 7910
scope: eq
version: v200r003c30

Trust: 2.4

vendor: huawei
model: espace 7950
scope: eq
version: v200r003c30

Trust: 2.4

vendor: huawei
model: espace 8950
scope: eq
version: v200r003c00

Trust: 2.4

vendor: huawei
model: espace 8950
scope: eq
version: v200r003c30

Trust: 2.4

vendor: huawei
model: espace v200r003c30
scope: eq
version: 7950

Trust: 0.9

vendor: huawei
model: espace v200r003c00
scope: eq
version: 8950

Trust: 0.9

vendor: huawei
model: espace v200r003c30
scope: eq
version: 8950

Trust: 0.9

vendor: huawei
model: espace v200r003c30
scope: eq
version: 7910

Trust: 0.9

vendor: huawei
model: espace v200r003c30spc300
scope: ne
version: 8950

Trust: 0.3

vendor: huawei
model: espace v200r003c00spcr00
scope: ne
version: 8950

Trust: 0.3

vendor: huawei
model: espace v200r003c30spc700
scope: ne
version: 7950

Trust: 0.3

vendor: huawei
model: espace v200r003c30spc700
scope: ne
version: 7910

Trust: 0.3

sources: CNVD: CNVD-2018-02551 // BID: 103446 // JVNDB: JVNDB-2017-012797 // CNNVD: CNNVD-201803-302 // NVD: CVE-2017-17223

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17223
value: HIGH

Trust: 1.0

NVD: CVE-2017-17223
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-02551
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-302
value: HIGH

Trust: 0.6

VULHUB: VHN-108224
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-17223
severity: HIGH
baseScore: 8.0
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-02551
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108224
severity: HIGH
baseScore: 8.0
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17223
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-02551 // VULHUB: VHN-108224 // JVNDB: JVNDB-2017-012797 // CNNVD: CNNVD-201803-302 // NVD: CVE-2017-17223

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-108224 // JVNDB: JVNDB-2017-012797 // NVD: CVE-2017-17223

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-302

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201803-302

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012797

PATCH

title: huawei-sa-20180131-02-espace
url: http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-02-espace-en

Trust: 0.8

title: Huawei eSpace product directory traversal vulnerability patch
url: https://www.cnvd.org.cn/patchInfo/show/115319

Trust: 0.6

title: Repair measures for path traversal vulnerabilities in Huawei eSpace 7910, 7950 and 8950
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79024

Trust: 0.6

sources: CNVD: CNVD-2018-02551 // JVNDB: JVNDB-2017-012797 // CNNVD: CNNVD-201803-302

EXTERNAL IDS

db: NVD
id: CVE-2017-17223

Trust: 3.4

db: JVNDB
id: JVNDB-2017-012797

Trust: 0.8

db: CNVD
id: CNVD-2018-02551

Trust: 0.6

db: CNNVD
id: CNNVD-201803-302

Trust: 0.6

db: BID
id: 103446

Trust: 0.4

db: VULHUB
id: VHN-108224

Trust: 0.1

sources: CNVD: CNVD-2018-02551 // VULHUB: VHN-108224 // BID: 103446 // JVNDB: JVNDB-2017-012797 // CNNVD: CNNVD-201803-302 // NVD: CVE-2017-17223

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-02-espace-en

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17223

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-17223

Trust: 0.8

url:http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180131-02-espace-cn

Trust: 0.6

url:http://www.huawei.com

Trust: 0.3

sources: CNVD: CNVD-2018-02551 // VULHUB: VHN-108224 // BID: 103446 // JVNDB: JVNDB-2017-012797 // CNNVD: CNNVD-201803-302 // NVD: CVE-2017-17223

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103446

SOURCES

db: CNVD, id: CNVD-2018-02551
db: VULHUB, id: VHN-108224
db: BID, id: 103446
db: JVNDB, id: JVNDB-2017-012797
db: CNNVD, id: CNNVD-201803-302
db: NVD, id: CVE-2017-17223

LAST UPDATE DATE

2024-11-23T22:34:19.538000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-02551, date: 2018-02-01T00:00:00
db: VULHUB, id: VHN-108224, date: 2018-03-26T00:00:00
db: BID, id: 103446, date: 2018-01-31T00:00:00
db: JVNDB, id: JVNDB-2017-012797, date: 2018-04-18T00:00:00
db: CNNVD, id: CNNVD-201803-302, date: 2018-04-02T00:00:00
db: NVD, id: CVE-2017-17223, date: 2024-11-21T03:17:41.670

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-02551, date: 2018-02-01T00:00:00
db: VULHUB, id: VHN-108224, date: 2018-03-09T00:00:00
db: BID, id: 103446, date: 2018-01-31T00:00:00
db: JVNDB, id: JVNDB-2017-012797, date: 2018-04-18T00:00:00
db: CNNVD, id: CNNVD-201803-302, date: 2018-03-13T00:00:00
db: NVD, id: CVE-2017-17223, date: 2018-03-09T17:29:01.347