CVE-2017-17166

Published Feb 15, 2018

Last updated 7 years ago

CVSS medium 5.3

Overview

Description: Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, TP3206 V100R002C00, VP9660 V500R002C00, V500R002C10 have a resource exhaustion vulnerability. The software does not process certain field of H.323 message properly, a remote unauthenticated attacker could send crafted H.323 message to the device, successful exploit could cause certain service unavailable since the stack memory is exhausted.
Source: psirt@huawei.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-400

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8871106B-D3AF-4CFB-A544-1FA411642428"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7F3483B2-9EB6-4E34-900A-945C04A3160D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C996915-83A1-4EA5-A8E1-F609DA879D2D"
          },
          {
            "criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11CAA59E-F2A8-4E84-BCC5-CADA8FDA9712"
          },
          {
            "criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A8AEAB1-6106-47A2-8207-67E557A8BF80"
          },
          {
            "criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c50:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64E335D2-FE4B-4316-8827-4741EC9AA674"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C281B511-7A27-4FC6-9427-AE5AD7C302F3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3189382E-6846-4713-A92F-ABD03683F4A5"
          },
          {
            "criteria": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3983A57-2F07-4D21-9093-1DFEAB310E26"
          },
          {
            "criteria": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "627F40B6-8CD1-47EE-8937-F1FAAAB86F0D"
          },
          {
            "criteria": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c50:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2D01ED2-70BC-411A-9BB8-A4EB04C92F4A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0ED6E342-26E7-45DF-AC3F-EFEBAE3DDDF0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E990766D-FBD4-404E-A783-3D2D0BC210F3"
          },
          {
            "criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A638ACAF-9A6F-4861-8CDB-E43FBC3C9C5B"
          },
          {
            "criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADB7FBB2-1CC6-4DA3-85AB-66562B0A9198"
          },
          {
            "criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c50:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72CE6722-BA5D-4AAE-9C72-36F06EB4DFF1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BE469876-F873-4705-9760-097AE840A818"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:tp3206_firmware:v100r002c00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D28E0627-0B19-4616-933E-76294F83813F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:tp3206:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "45ED506D-5094-476B-83F0-CBBED04EF348"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:vp9660_firmware:v500r002c00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A68709FF-9E1C-4174-A925-70A88D4376A3"
          },
          {
            "criteria": "cpe:2.3:o:huawei:vp9660_firmware:v500r002c10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A58ED692-8BED-4877-9BC9-D41386B660C1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:vp9660:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D1DC498B-F19F-403A-ACFE-F8364A78EC66"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References