Vulnerability Name:

CVE-2017-15353 (CCN-135908)

Assigned:2017-11-15
Published:2017-11-15
Updated:2018-02-22
Summary:Huawei DP300, V500R002C00, RP200, V500R002C00, V600R006C00, RSE6500, V500R002C00, TE30, V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C00, TE60, V100R001C01, V100R001C10, V500R002C00, V600R006C00, TX50, V500R002C00, V600R006C00, VP9660, V500R002C00, V500R002C10, ViewPoint 8660, V100R008C03, ViewPoint 9030, V100R011C02, V100R011C03, Viewpoint 8660, V100R008C03 have an out-of-bounds read vulnerability. An attacker has to control the peer device and send specially crafted messages to the affected products. Due to insufficient input validation, successful exploit may cause some service abnormal.
CVSS v3 Severity:3.7 Low (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
3.2 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-125
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2017-15353

Source: CCN
Type: huawei-sa-20171115-01-h323
Out-of-bounds Read Vulnerability in Some Huawei Products

Source: CONFIRM
Type: Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-h323-en

Source: XF
Type: UNKNOWN
huawei-cve201715353-dos(135908)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:dp300:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:huawei:rp200_firmware:v500r002c00:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:rp200_firmware:v600r006c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:rp200:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:huawei:rse6500_firmware:v500r002c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:rse6500:-:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:huawei:te30_firmware:v100r001c02:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:te30_firmware:v500r002c00:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:te30:-:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/o:huawei:te40_firmware:v500r002c00:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:te40:-:*:*:*:*:*:*:*

    • Configuration 6:
  • cpe:/o:huawei:te50_firmware:v500r002c00:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:te50:-:*:*:*:*:*:*:*

    • Configuration 7:
  • cpe:/o:huawei:te60_firmware:v100r001c01:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:te60:-:*:*:*:*:*:*:*

    • Configuration 8:
  • cpe:/o:huawei:tx50_firmware:v500r002c00:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:tx50_firmware:v600r006c00:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:tx50:-:*:*:*:*:*:*:*

    • Configuration 9:
  • cpe:/o:huawei:viewpoint_8660_firmware:v100r008c03:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:viewpoint_8660:-:*:*:*:*:*:*:*

    • Configuration 10:
  • cpe:/o:huawei:vp9660_firmware:v500r002c00:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:vp9660_firmware:v500r002c10:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:vp9660:-:*:*:*:*:*:*:*

    • Configuration 11:
  • cpe:/o:huawei:viewpoint_9030_firmware:v100r011c02:*:*:*:*:*:*:*
  • OR cpe:/o:huawei:viewpoint_9030_firmware:v100r011c03:*:*:*:*:*:*:*
  • AND
  • cpe:/h:huawei:viewpoint_9030:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/h:huawei:dp300:V500R002C00:*:*:*:*:*:*:*
  • OR cpe:/h:huawei:te30:V100R001C10:*:*:*:*:*:*:*
  • OR cpe:/h:huawei:te30:V500R002C00:*:*:*:*:*:*:*
  • OR cpe:/h:huawei:te40:V500R002C00:*:*:*:*:*:*:*
  • OR cpe:/h:huawei:te40:V600R006C00:*:*:*:*:*:*:*
  • OR cpe:/h:huawei:te50:V500R002C00:*:*:*:*:*:*:*
  • OR cpe:/h:huawei:te50:V600R006C00:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    huawei dp300 firmware v500r002c00
    huawei dp300 -
    huawei rp200 firmware v500r002c00
    huawei rp200 firmware v600r006c00
    huawei rp200 -
    huawei rse6500 firmware v500r002c00
    huawei rse6500 -
    huawei te30 firmware v100r001c02
    huawei te30 firmware v100r001c10
    huawei te30 firmware v500r002c00
    huawei te30 firmware v600r006c00
    huawei te30 -
    huawei te40 firmware v500r002c00
    huawei te40 firmware v600r006c00
    huawei te40 -
    huawei te50 firmware v500r002c00
    huawei te50 firmware v600r006c00
    huawei te50 -
    huawei te60 firmware v100r001c01
    huawei te60 firmware v100r001c10
    huawei te60 firmware v500r002c00
    huawei te60 firmware v600r006c00
    huawei te60 -
    huawei tx50 firmware v500r002c00
    huawei tx50 firmware v600r006c00
    huawei tx50 -
    huawei viewpoint 8660 firmware v100r008c03
    huawei viewpoint 8660 -
    huawei vp9660 firmware v500r002c00
    huawei vp9660 firmware v500r002c10
    huawei vp9660 -
    huawei viewpoint 9030 firmware v100r011c02
    huawei viewpoint 9030 firmware v100r011c03
    huawei viewpoint 9030 -
    huawei dp300 V500R002C00
    huawei te30 V100R001C10
    huawei te30 V500R002C00
    huawei te40 V500R002C00
    huawei te40 V600R006C00
    huawei te50 V500R002C00
    huawei te50 V600R006C00