Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-17143

SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; RP200 V500R002C00SPC200; V600R006C00; V600R006C00SPC200; RSE6500 V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC300T; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00T; TE30 V100R001C10; V100R001C10SPC100; V100R001C10SPC200B010; V100R001C10SPC300; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700B010; V100R001C10SPC800; V500R002C00SPC200; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; TE40 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE50 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE60 V100R001C01SPC100; V100R001C01SPC107TB010; V100R001C10; V100R001C10SPC300; V100R001C10SPC400; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700; V100R001C10SPC800; V100R001C10SPC900; V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; V500R002C00SPCb00; V500R002C00SPCd00; V600R006C00; V600R006C00SPC100; V600R006C00SPC200; V600R006C00SPC300; TP3106 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C00SPC800; TP3206 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C10; ViewPoint 9030 V100R011C02SPC100; V100R011C03B012SP15; V100R011C03B012SP16; V100R011C03B015SP03; V100R011C03LGWL01SPC100; V100R011C03SPC100; V100R011C03SPC200; V100R011C03SPC300; V100R011C03SPC400; V100R011C03SPC500; eSpace U1960 V200R003C30SPC200; eSpace U1981 V100R001C20SPC700; V200R003C20SPCa00 has an overflow vulnerability that the module cannot parse a malformed SIP message when validating variables. Attacker can exploit it to make one process reboot at random.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 5.3, indicating it can be exploited remotely over the network with relatively low complexity without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts and limited availability for affected systems. Impacting 24 products from huawei, from huawei, from huawei and 21 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2018, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.

Published

2018-03-05T19:29:00.863

Last Modified

2024-11-21T03:17:34.347

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	dp300_firmware	v500r002c00	Yes
Operating System	huawei	dp300_firmware	v500r002c00spc100	Yes
Operating System	huawei	dp300_firmware	v500r002c00spc200	Yes
Operating System	huawei	dp300_firmware	v500r002c00spc300	Yes
Operating System	huawei	dp300_firmware	v500r002c00spc400	Yes
Operating System	huawei	dp300_firmware	v500r002c00spc500	Yes
Operating System	huawei	dp300_firmware	v500r002c00spc600	Yes
Operating System	huawei	dp300_firmware	v500r002c00spc800	Yes
Operating System	huawei	dp300_firmware	v500r002c00spc900	Yes
Operating System	huawei	dp300_firmware	v500r002c00spca00	Yes
Hardware	huawei	dp300	-	No
Operating System	huawei	rp200_firmware	v500r002c00spc200	Yes
Operating System	huawei	rp200_firmware	v600r006c00	Yes
Operating System	huawei	rp200_firmware	v600r006c00spc200	Yes
Hardware	huawei	rp200	-	No
Operating System	huawei	rse6500_firmware	v500r002c00spc100	Yes
Operating System	huawei	rse6500_firmware	v500r002c00spc200	Yes
Operating System	huawei	rse6500_firmware	v500r002c00spc300	Yes
Operating System	huawei	rse6500_firmware	v500r002c00spc300t	Yes
Operating System	huawei	rse6500_firmware	v500r002c00spc500	Yes
Operating System	huawei	rse6500_firmware	v500r002c00spc600	Yes
Operating System	huawei	rse6500_firmware	v500r002c00spc700	Yes
Operating System	huawei	rse6500_firmware	v500r002c00t	Yes
Hardware	huawei	rse6500	-	No
Operating System	huawei	te30_firmware	v100r001c10	Yes
Operating System	huawei	te30_firmware	v100r001c10spc100	Yes
Operating System	huawei	te30_firmware	v100r001c10spc200b010	Yes
Operating System	huawei	te30_firmware	v100r001c10spc300	Yes
Operating System	huawei	te30_firmware	v100r001c10spc500	Yes
Operating System	huawei	te30_firmware	v100r001c10spc600	Yes
Operating System	huawei	te30_firmware	v100r001c10spc700b010	Yes
Operating System	huawei	te30_firmware	v100r001c10spc800	Yes
Operating System	huawei	te30_firmware	v500r002c00spc200	Yes
Operating System	huawei	te30_firmware	v500r002c00spc500	Yes
Operating System	huawei	te30_firmware	v500r002c00spc600	Yes
Operating System	huawei	te30_firmware	v500r002c00spc700	Yes
Operating System	huawei	te30_firmware	v500r002c00spc900	Yes
Operating System	huawei	te30_firmware	v500r002c00spcb00	Yes
Operating System	huawei	te30_firmware	v600r006c00	Yes
Hardware	huawei	te30	-	No
Operating System	huawei	te40_firmware	v500r002c00spc600	Yes
Operating System	huawei	te40_firmware	v500r002c00spc700	Yes
Operating System	huawei	te40_firmware	v500r002c00spc900	Yes
Operating System	huawei	te40_firmware	v500r002c00spcb00	Yes
Operating System	huawei	te40_firmware	v600r006c00	Yes
Operating System	huawei	te40_firmware	v600r006c00spc200	Yes
Hardware	huawei	te40	-	No
Operating System	huawei	te50_firmware	v500r002c00spc600	Yes
Operating System	huawei	te50_firmware	v500r002c00spc700	Yes
Operating System	huawei	te50_firmware	v500r002c00spcb00	Yes
Operating System	huawei	te50_firmware	v600r006c00	Yes
Operating System	huawei	te50_firmware	v600r006c00spc200	Yes
Hardware	huawei	te50	-	No
Operating System	huawei	te60_firmware	v100r001c01spc100	Yes
Operating System	huawei	te60_firmware	v100r001c01spc107tb010	Yes
Operating System	huawei	te60_firmware	v100r001c10	Yes
Operating System	huawei	te60_firmware	v100r001c10spc300	Yes
Operating System	huawei	te60_firmware	v100r001c10spc400	Yes
Operating System	huawei	te60_firmware	v100r001c10spc500	Yes
Operating System	huawei	te60_firmware	v100r001c10spc600	Yes
Operating System	huawei	te60_firmware	v100r001c10spc700	Yes
Operating System	huawei	te60_firmware	v100r001c10spc800	Yes
Operating System	huawei	te60_firmware	v100r001c10spc900	Yes
Operating System	huawei	te60_firmware	v500r002c00	Yes
Operating System	huawei	te60_firmware	v500r002c00spc100	Yes
Operating System	huawei	te60_firmware	v500r002c00spc200	Yes
Operating System	huawei	te60_firmware	v500r002c00spc300	Yes
Operating System	huawei	te60_firmware	v500r002c00spc600	Yes
Operating System	huawei	te60_firmware	v500r002c00spc700	Yes
Operating System	huawei	te60_firmware	v500r002c00spc800	Yes
Operating System	huawei	te60_firmware	v500r002c00spc900	Yes
Operating System	huawei	te60_firmware	v500r002c00spca00	Yes
Operating System	huawei	te60_firmware	v500r002c00spcb00	Yes
Operating System	huawei	te60_firmware	v500r002c00spcd00	Yes
Operating System	huawei	te60_firmware	v600r006c00	Yes
Operating System	huawei	te60_firmware	v600r006c00spc100	Yes
Operating System	huawei	te60_firmware	v600r006c00spc200	Yes
Operating System	huawei	te60_firmware	v600r006c00spc300	Yes
Hardware	huawei	te60	-	No
Operating System	huawei	tp3106_firmware	v100r002c00	Yes
Operating System	huawei	tp3106_firmware	v100r002c00spc200	Yes
Operating System	huawei	tp3106_firmware	v100r002c00spc400	Yes
Operating System	huawei	tp3106_firmware	v100r002c00spc600	Yes
Operating System	huawei	tp3106_firmware	v100r002c00spc700	Yes
Operating System	huawei	tp3106_firmware	v100r002c00spc800	Yes
Hardware	huawei	tp3106	-	No
Operating System	huawei	tp3206_firmware	v100r002c00	Yes
Operating System	huawei	tp3206_firmware	v100r002c00spc200	Yes
Operating System	huawei	tp3206_firmware	v100r002c00spc400	Yes
Operating System	huawei	tp3206_firmware	v100r002c00spc600	Yes
Operating System	huawei	tp3206_firmware	v100r002c00spc700	Yes
Operating System	huawei	tp3206_firmware	v100r002c10	Yes
Hardware	huawei	tp3206	-	No
Operating System	huawei	viewpoint_9030_firmware	v100r011c02spc100	Yes
Operating System	huawei	viewpoint_9030_firmware	v100r011c03b012sp15	Yes
Operating System	huawei	viewpoint_9030_firmware	v100r011c03b012sp16	Yes
Operating System	huawei	viewpoint_9030_firmware	v100r011c03b015sp03	Yes
Operating System	huawei	viewpoint_9030_firmware	v100r011c03lgwl01spc100	Yes
Operating System	huawei	viewpoint_9030_firmware	v100r011c03spc100	Yes
Operating System	huawei	viewpoint_9030_firmware	v100r011c03spc200	Yes
Operating System	huawei	viewpoint_9030_firmware	v100r011c03spc300	Yes
Operating System	huawei	viewpoint_9030_firmware	v100r011c03spc400	Yes
Operating System	huawei	viewpoint_9030_firmware	v100r011c03spc500	Yes
Hardware	huawei	viewpoint_9030	-	No
Operating System	huawei	espace_u1960_firmware	v200r003c30spc200	Yes
Hardware	huawei	espace_u1960	-	No
Operating System	huawei	espace_u1981_firmware	v100r001c20spc700	Yes
Operating System	huawei	espace_u1981_firmware	v200r003c20spca00	Yes
Hardware	huawei	espace_u1981	-	No

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-sip-en Vendor Advisory ([email protected])
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-sip-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For huawei's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.