Vulnerability Name: CVE-2017-17289 (CCN-138216) Assigned: 2017-12-04 Published: 2018-01-24 Updated: 2019-10-03 Summary: Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. The software does not release allocated memory properly when handling XML data. An authenticated, local attacker could upload crafted XML file repeatedly to cause memory leak and service abnormal. CVSS v3 Severity: 3.3 Low (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Low
3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Low
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
Vulnerability Type: CWE-772 Vulnerability Consequences: Denial of Service References: Source: MITRECVE-2017-17289 Memory Leak Vulnerability in Some Huawei Products http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-xml-en huawei-cve201717289-dos(138216) Vulnerable Configuration: Configuration 1 :cpe:/o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:* AND cpe:/h:huawei:dp300:-:*:*:*:*:*:*:* Configuration 2 :cpe:/o:huawei:rp200_firmware:v500r002c00:*:*:*:*:*:*:* OR cpe:/o:huawei:rp200_firmware:v600r006c00:*:*:*:*:*:*:* AND cpe:/h:huawei:rp200:-:*:*:*:*:*:*:* Configuration 3 :cpe:/o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:* OR cpe:/o:huawei:te30_firmware:v500r002c00:*:*:*:*:*:*:* OR cpe:/o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:* AND cpe:/h:huawei:te30:-:*:*:*:*:*:*:* Configuration 4 :cpe:/o:huawei:te40_firmware:v500r002c00:*:*:*:*:*:*:* OR cpe:/o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:* AND cpe:/h:huawei:te40:-:*:*:*:*:*:*:* Configuration 5 :cpe:/o:huawei:te50_firmware:v500r002c00:*:*:*:*:*:*:* OR cpe:/o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:* AND cpe:/h:huawei:te50:-:*:*:*:*:*:*:* Configuration 6 :cpe:/o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:* OR cpe:/o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:* OR cpe:/o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:* AND cpe:/h:huawei:te60:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/h:huawei:dp300:V500R002C00:*:*:*:*:*:*:* OR cpe:/h:huawei:te60:V100R001C10:*:*:*:*:*:*:* OR cpe:/h:huawei:te60:V500R002C00:*:*:*:*:*:*:* OR cpe:/h:huawei:te30:V100R001C10:*:*:*:*:*:*:* OR cpe:/h:huawei:te30:V500R002C00:*:*:*:*:*:*:* OR cpe:/h:huawei:te40:V500R002C00:*:*:*:*:*:*:* OR cpe:/h:huawei:te40:V600R006C00:*:*:*:*:*:*:* OR cpe:/h:huawei:te50:V500R002C00:*:*:*:*:*:*:* OR cpe:/h:huawei:te50:V600R006C00:*:*:*:*:*:*:* BACK
huawei dp300 firmware v500r002c00
huawei dp300 -
huawei rp200 firmware v500r002c00
huawei rp200 firmware v600r006c00
huawei rp200 -
huawei te30 firmware v100r001c10
huawei te30 firmware v500r002c00
huawei te30 firmware v600r006c00
huawei te30 -
huawei te40 firmware v500r002c00
huawei te40 firmware v600r006c00
huawei te40 -
huawei te50 firmware v500r002c00
huawei te50 firmware v600r006c00
huawei te50 -
huawei te60 firmware v100r001c10
huawei te60 firmware v500r002c00
huawei te60 firmware v600r006c00
huawei te60 -
huawei dp300 V500R002C00
huawei te60 V100R001C10
huawei te60 V500R002C00
huawei te30 V100R001C10
huawei te30 V500R002C00
huawei te40 V500R002C00
huawei te40 V600R006C00
huawei te50 V500R002C00
huawei te50 V600R006C00
Denotes that component is vulnerable