Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-17170

The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. Affected Huawei Products are: DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00; RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; eSpace U1981 version V200R003C20SPC900.

Published

2018-03-09T17:29:00.813

Last Modified

2024-11-21T03:17:38.343

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

4.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	dp300_firmware	v500r002c00	Yes
Operating System	huawei	dp300_firmware	v500r002c00b010	Yes
Operating System	huawei	dp300_firmware	v500r002c00b011	Yes
Operating System	huawei	dp300_firmware	v500r002c00b012	Yes
Operating System	huawei	dp300_firmware	v500r002c00b013	Yes
Operating System	huawei	dp300_firmware	v500r002c00b014	Yes
Operating System	huawei	dp300_firmware	v500r002c00b017	Yes
Operating System	huawei	dp300_firmware	v500r002c00b018	Yes
Operating System	huawei	dp300_firmware	v500r002c00spc100	Yes
Operating System	huawei	dp300_firmware	v500r002c00spc200	Yes
Operating System	huawei	dp300_firmware	v500r002c00spc300	Yes
Operating System	huawei	dp300_firmware	v500r002c00spc400	Yes
Operating System	huawei	dp300_firmware	v500r002c00spc500	Yes
Operating System	huawei	dp300_firmware	v500r002c00spc600	Yes
Operating System	huawei	dp300_firmware	v500r002c00spc800	Yes
Operating System	huawei	dp300_firmware	v500r002c00spc900	Yes
Operating System	huawei	dp300_firmware	v500r002c00spca00	Yes
Hardware	huawei	dp300	-	No

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en ([email protected])
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en (af854a3a-2127-422b-91ae-364da2661108)