Sign-up

ID

VAR-201808-0120


CVE

CVE-2017-17311


TITLE

plural Huawei Firewall Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-014183

DESCRIPTION

Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Due to improper handling of the malformed messages, an attacker may sent crafted packets to the affected device to exploit these vulnerabilities. Successful exploit the vulnerability could lead to device deny of service. plural Huawei Firewall The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei USG2205BSR etc. IPSEC IKEv1 is one of the Internet key exchange components. The vulnerability is caused by the program not processing malformed packets correctly. The following products and versions are affected: Huawei USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00

Trust: 1.71

sources: NVD: CVE-2017-17311 // JVNDB: JVNDB-2017-014183 // VULHUB: VHN-108321

AFFECTED PRODUCTS

vendor:huaweimodel:usg2205bsrscope:eqversion:v300r001c10spc600

Trust: 2.4

vendor:huaweimodel:usg2220bsrscope:eqversion:v300r001c00

Trust: 2.4

vendor:huaweimodel:usg5120bsrscope:eqversion:v300r001c00

Trust: 2.4

vendor:huaweimodel:usg5150bsrscope:eqversion:v300r001c00

Trust: 2.4

sources: JVNDB: JVNDB-2017-014183 // CNNVD: CNNVD-201808-498 // NVD: CVE-2017-17311

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17311
value: HIGH

Trust: 1.0

NVD: CVE-2017-17311
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201808-498
value: HIGH

Trust: 0.6

VULHUB: VHN-108321
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-17311
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-108321
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17311
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-108321 // JVNDB: JVNDB-2017-014183 // CNNVD: CNNVD-201808-498 // NVD: CVE-2017-17311

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-108321 // JVNDB: JVNDB-2017-014183 // NVD: CVE-2017-17311

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-498

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201808-498

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014183

PATCH
title:huawei-sa-20180813-01-Bleichenbacherurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180813-01-Bleichenbacher-en
Trust: 0.8
title:Multiple Huawei Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84116
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-014183 // 
            
            
            
            CNNVD: CNNVD-201808-498

EXTERNAL IDS
db:NVDid:CVE-2017-17311
Trust: 2.5
db:JVNDBid:JVNDB-2017-014183
Trust: 0.8
db:CNNVDid:CNNVD-201808-498
Trust: 0.7
db:VULHUBid:VHN-108321
Trust: 0.1
sources:
            
            
            VULHUB: VHN-108321 // 
            
            
            
            JVNDB: JVNDB-2017-014183 // 
            
            
            
            CNNVD: CNNVD-201808-498 // 
            
            
            
            NVD: CVE-2017-17311

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180813-01-bleichenbacher-en
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17311
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17311
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180813-01-bleichenbacher-cn
Trust: 0.6
sources:
            
            
            VULHUB: VHN-108321 // 
            
            
            
            JVNDB: JVNDB-2017-014183 // 
            
            
            
            CNNVD: CNNVD-201808-498 // 
            
            
            
            NVD: CVE-2017-17311

SOURCES
db:VULHUBid:VHN-108321
db:JVNDBid:JVNDB-2017-014183
db:CNNVDid:CNNVD-201808-498
db:NVDid:CVE-2017-17311

LAST UPDATE DATE
2024-11-23T22:38:05.373000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-108321date:2018-10-12T00:00:00
db:JVNDBid:JVNDB-2017-014183date:2018-11-07T00:00:00
db:CNNVDid:CNNVD-201808-498date:2018-08-17T00:00:00
db:NVDid:CVE-2017-17311date:2024-11-21T03:17:48.797

SOURCES RELEASE DATE
db:VULHUBid:VHN-108321date:2018-08-21T00:00:00
db:JVNDBid:JVNDB-2017-014183date:2018-11-07T00:00:00
db:CNNVDid:CNNVD-201808-498date:2018-08-17T00:00:00
db:NVDid:CVE-2017-17311date:2018-08-21T13:29:00.373