Sign-up

ID

VAR-201808-0121


CVE

CVE-2017-17312


TITLE

plural Huawei Firewall Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-014179

DESCRIPTION

Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Due to improper handling of the malformed messages, an attacker may sent crafted packets to the affected device to exploit these vulnerabilities. Successful exploit the vulnerability could lead to device deny of service. plural Huawei Firewall The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei USG2205BSR etc. IPSEC IKEv1 is one of the Internet key exchange components. The vulnerability is caused by the program not correctly processing malformed packets. The following products and versions are affected: Huawei USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00

Trust: 1.71

sources: NVD: CVE-2017-17312 // JVNDB: JVNDB-2017-014179 // VULHUB: VHN-108322

AFFECTED PRODUCTS

vendor:huaweimodel:usg2205bsrscope:eqversion:v300r001c10spc600

Trust: 2.4

vendor:huaweimodel:usg2220bsrscope:eqversion:v300r001c00

Trust: 2.4

vendor:huaweimodel:usg5120bsrscope:eqversion:v300r001c00

Trust: 2.4

vendor:huaweimodel:usg5150bsrscope:eqversion:v300r001c00

Trust: 2.4

sources: JVNDB: JVNDB-2017-014179 // CNNVD: CNNVD-201808-499 // NVD: CVE-2017-17312

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17312
value: HIGH

Trust: 1.0

NVD: CVE-2017-17312
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201808-499
value: HIGH

Trust: 0.6

VULHUB: VHN-108322
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-17312
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-108322
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17312
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-108322 // JVNDB: JVNDB-2017-014179 // CNNVD: CNNVD-201808-499 // NVD: CVE-2017-17312

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-108322 // JVNDB: JVNDB-2017-014179 // NVD: CVE-2017-17312

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-499

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201808-499

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014179

PATCH
title:huawei-sa-20180813-01-Bleichenbacherurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180813-01-Bleichenbacher-en
Trust: 0.8
title:Multiple Huawei Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84117
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-014179 // 
            
            
            
            CNNVD: CNNVD-201808-499

EXTERNAL IDS
db:NVDid:CVE-2017-17312
Trust: 2.5
db:JVNDBid:JVNDB-2017-014179
Trust: 0.8
db:CNNVDid:CNNVD-201808-499
Trust: 0.7
db:VULHUBid:VHN-108322
Trust: 0.1
sources:
            
            
            VULHUB: VHN-108322 // 
            
            
            
            JVNDB: JVNDB-2017-014179 // 
            
            
            
            CNNVD: CNNVD-201808-499 // 
            
            
            
            NVD: CVE-2017-17312

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180813-01-bleichenbacher-en
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17312
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17312
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180813-01-bleichenbacher-cn
Trust: 0.6
sources:
            
            
            VULHUB: VHN-108322 // 
            
            
            
            JVNDB: JVNDB-2017-014179 // 
            
            
            
            CNNVD: CNNVD-201808-499 // 
            
            
            
            NVD: CVE-2017-17312

SOURCES
db:VULHUBid:VHN-108322
db:JVNDBid:JVNDB-2017-014179
db:CNNVDid:CNNVD-201808-499
db:NVDid:CVE-2017-17312

LAST UPDATE DATE
2024-11-23T22:12:26.278000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-108322date:2018-10-12T00:00:00
db:JVNDBid:JVNDB-2017-014179date:2018-11-06T00:00:00
db:CNNVDid:CNNVD-201808-499date:2018-12-03T00:00:00
db:NVDid:CVE-2017-17312date:2024-11-21T03:17:48.910

SOURCES RELEASE DATE
db:VULHUBid:VHN-108322date:2018-08-21T00:00:00
db:JVNDBid:JVNDB-2017-014179date:2018-11-06T00:00:00
db:CNNVDid:CNNVD-201808-499date:2018-08-17T00:00:00
db:NVDid:CVE-2017-17312date:2018-08-21T13:29:00.483