Vulnerability CVE-2017-17151


Published: 2018-02-15

Description:
Huawei AR100, AR100-S, AR110-S, AR120, AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR510, DP300, NetEngine16EX, RP200, SRG1300, SRG2300, SRG3300, TE30, TE40, TE50, TE60, TP3106, TP3206, ViewPoint 8660, and ViewPoint 9030 have an insufficient validation vulnerability. Since packet validation is insufficient, an unauthenticated attacker may send special H323 packets to exploit the vulnerability. Successful exploit could allow the attacker to send malicious packets and result in DOS attacks.

Type:

CWE-20

(Improper Input Validation)

Vendor: Huawei
Product: Te60 firmware 
Version:
v600r006c00
v500r002c00spcb00
v500r002c00spca00
v500r002c00spc900
v500r002c00spc800
v500r002c00spc700
v500r002c00spc600
v500r002c00spc200
v500r002c00spc100
v500r002c00
See more versions on NVD
Product: Te40 firmware 
Version:
v600r006c00
v500r002c00spcb00
v500r002c00spc900
v500r002c00spc700
v500r002c00spc600
See more versions on NVD
Product: Te50 firmware 
Version:
v500r002c00spcb00
v500r002c00spc700
v500r002c00spc600
See more versions on NVD
Product: Te30 firmware 
Version:
v500r002c00spcb00
v500r002c00spc900
v500r002c00spc700
v500r002c00spc600
v500r002c00spc200
See more versions on NVD
Product: Dp300 firmware 
Version:
v500r002c00spc900
v500r002c00spc800
v500r002c00spc600
v500r002c00spc500
v500r002c00spc400
v500r002c00spc300
v500r002c00spc200
v500r002c00spc100
v500r002c00
See more versions on NVD
Product: Rp200 firmware 
Version: v500r002c00spc200;
Product: Ar160 firmware 
Version:
v200r008c30spc100
v200r008c30
v200r008c20spc800
v200r008c20spc700
See more versions on NVD
Product: Ar3200 firmware 
Version:
v200r008c30spc067t
v200r008c30b080
v200r008c30b070
v200r008c30b060
v200r008c30b050
v200r008c30b030
v200r008c30b020
v200r008c30b010
v200r008c30
v200r008c20spc800
v200r008c20spc700
See more versions on NVD
Product: Ar150-s firmware 
Version:
v200r008c30
v200r008c20spc800
v200r008c20spc700
See more versions on NVD
Product: Ar2200-s firmware 
Version:
v200r008c30
v200r008c20spc800pwe
v200r008c20spc800
v200r008c20spc700
See more versions on NVD
Product: Ar120-s firmware 
Version:
v200r008c30
v200r008c20spc800
v200r008c20spc700
See more versions on NVD
Product: Ar510 firmware 
Version: v200r008c30;
Product: Srg3300 firmware 
Version: v200r008c30;
Product: Srg2300 firmware 
Version: v200r008c30;
Product: Ar150 firmware 
Version:
v200r008c30
v200r008c20spc800
v200r008c20spc700
See more versions on NVD
Product: Ar200 firmware 
Version:
v200r008c30
v200r008c20spc900pwe
v200r008c20spc900
v200r008c20spc800
v200r008c20spc700
See more versions on NVD
Product: Ar120 firmware 
Version:
v200r008c30
v200r008c20spc800
v200r008c20spc700
See more versions on NVD
Product: Ar110-s firmware 
Version: v200r008c30; v200r008c20spc800;
Product: Ar100 firmware 
Version:
v200r008c30
v200r008c20spc800pwe
v200r008c20spc800
v200r008c20spc700pwe
v200r008c20spc700
See more versions on NVD
Product: Ar100-s firmware 
Version:
v200r008c30
v200r008c20spc800pwe
v200r008c20spc800
v200r008c20spc700
See more versions on NVD
Product: Ar2200 firmware 
Version:
v200r008c30
v200r008c20spc800
v200r008c20spc700
See more versions on NVD
Product: Netengine16ex firmware 
Version:
v200r008c30
v200r008c20spc800
v200r008c20spc700
See more versions on NVD
Product: Ar1200 firmware 
Version:
v200r008c30
v200r008c20spc800
v200r008c20spc700
See more versions on NVD
Product: Ar200-s firmware 
Version:
v200r008c30
v200r008c20spc800
v200r008c20spc700
See more versions on NVD
Product: Srg1300 firmware 
Version: v200r008c30;
Product: Ar1200-s firmware 
Version:
v200r008c30
v200r008c20spc800pwe
v200r008c20spc800
v200r008c20spc700
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-h323-en

Related CVE
CVE-2019-5280
The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has a TLS certificate verification vulnerability. Due to insufficient verification of specific parameters of the TLS server certificate, attackers can perform man-in-the-middle attack...
CVE-2019-5223
PCManager 9.1.3.1 has an improper authentication vulnerability. The certain driver interface of the software does not perform a validation of user-mode data properly, successful exploit could result in malicious code execution.
CVE-2019-5236
Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636) have a double free vulnerability. An attacker can trick a user to c...
CVE-2019-5222
There is an information disclosure vulnerability on Secure Input of certain Huawei smartphones in Versions earlier than Tony-AL00B 9.1.0.216(C00E214R2P1). The Secure Input does not properly limit certain system privilege. An attacker tricks the user ...
CVE-2019-5245
HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing that could execu...
CVE-2019-5243
There is a Clickjacking vulnerability in Huawei HG255s product. An attacker may trick user to click a link and affect the integrity of a device by exploiting this vulnerability.
CVE-2019-5242
There is a code execution vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50. The attacker can tricking a user to install and run a malicious application to exploit this vulnerability. Successful exploitation may cause the att...
CVE-2019-5241
There is a privilege escalation vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50. The attacker can tricking a user to install and run a malicious application to exploit this vulnerability. Successful exploitation may cause t...

Copyright 2019, cxsecurity.com

 

Back to Top