Search criteria
36 vulnerabilities found for s2700_firmware by huawei
CVE-2021-37129 (GCVE-0-2021-37129)
Vulnerability from nvd – Published: 2021-10-27 00:41 – Updated: 2024-08-04 01:16
VLAI?
Summary
There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition.Affected product versions include:IPS Module V500R005C00,V500R005C20;NGFW Module V500R005C00;NIP6600 V500R005C00,V500R005C20;S12700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600,V200R013C00SPC500,V200R019C00SPC200,V200R019C00SPC500,V200R019C10SPC200,V200R020C00,V200R020C10;S1700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S2700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S5700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600,V200R019C00SPC500;S6700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S7700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600;S9700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;USG9500 V500R005C00,V500R005C20.
Severity ?
No CVSS data available.
CWE
- Out of Bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | IIPS Module;NGFW Module;NIP6600;S12700;S1700;S2700;S5700;S6700;S7700;S9700;USG9500 |
Affected:
V500R005C00,V500R005C20
Affected: V500R005C00 Affected: V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600,V200R013C00SPC500,V200R019C00SPC200,V200R019C00SPC500,V200R019C10SPC200,V200R020C00,V200R020C10 Affected: V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600 Affected: V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600,V200R019C00SPC500 Affected: V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:03.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-outofwrite-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IIPS Module;NGFW Module;NIP6600;S12700;S1700;S2700;S5700;S6700;S7700;S9700;USG9500",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V500R005C00,V500R005C20"
},
{
"status": "affected",
"version": "V500R005C00"
},
{
"status": "affected",
"version": "V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600,V200R013C00SPC500,V200R019C00SPC200,V200R019C00SPC500,V200R019C10SPC200,V200R020C00,V200R020C10"
},
{
"status": "affected",
"version": "V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600"
},
{
"status": "affected",
"version": "V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600,V200R019C00SPC500"
},
{
"status": "affected",
"version": "V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition.Affected product versions include:IPS Module V500R005C00,V500R005C20;NGFW Module V500R005C00;NIP6600 V500R005C00,V500R005C20;S12700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600,V200R013C00SPC500,V200R019C00SPC200,V200R019C00SPC500,V200R019C10SPC200,V200R020C00,V200R020C10;S1700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S2700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S5700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600,V200R019C00SPC500;S6700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S7700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600;S9700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;USG9500 V500R005C00,V500R005C20."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out of Bounds Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-27T00:41:44",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-outofwrite-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-37129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IIPS Module;NGFW Module;NIP6600;S12700;S1700;S2700;S5700;S6700;S7700;S9700;USG9500",
"version": {
"version_data": [
{
"version_value": "V500R005C00,V500R005C20"
},
{
"version_value": "V500R005C00"
},
{
"version_value": "V500R005C00,V500R005C20"
},
{
"version_value": "V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600,V200R013C00SPC500,V200R019C00SPC200,V200R019C00SPC500,V200R019C10SPC200,V200R020C00,V200R020C10"
},
{
"version_value": "V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600"
},
{
"version_value": "V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600"
},
{
"version_value": "V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600,V200R019C00SPC500"
},
{
"version_value": "V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600"
},
{
"version_value": "V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600"
},
{
"version_value": "V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600"
},
{
"version_value": "V500R005C00,V500R005C20"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition.Affected product versions include:IPS Module V500R005C00,V500R005C20;NGFW Module V500R005C00;NIP6600 V500R005C00,V500R005C20;S12700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600,V200R013C00SPC500,V200R019C00SPC200,V200R019C00SPC500,V200R019C10SPC200,V200R020C00,V200R020C10;S1700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S2700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S5700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600,V200R019C00SPC500;S6700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S7700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600;S9700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;USG9500 V500R005C00,V500R005C20."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out of Bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-outofwrite-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-outofwrite-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-37129",
"datePublished": "2021-10-27T00:41:44",
"dateReserved": "2021-07-20T00:00:00",
"dateUpdated": "2024-08-04T01:16:03.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22329 (GCVE-0-2021-22329)
Vulnerability from nvd – Published: 2021-06-29 19:05 – Updated: 2024-08-03 18:37
VLAI?
Summary
There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect integrity of the device. Affected product versions include:S12700 V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S1700 V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S2700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S5700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100;S6700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100;S7700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S9700 V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10.
Severity ?
No CVSS data available.
CWE
- Improper Licenses Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | S12700;S1700;S2700;S5700;S6700;S7700;S9700 |
Affected:
V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10
Affected: V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10 Affected: V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10 Affected: V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-resourcemanagement-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "S12700;S1700;S2700;S5700;S6700;S7700;S9700",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"status": "affected",
"version": "V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"status": "affected",
"version": "V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"status": "affected",
"version": "V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect integrity of the device. Affected product versions include:S12700 V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S1700 V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S2700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S5700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100;S6700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100;S7700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S9700 V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Licenses Management",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T19:05:31",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-resourcemanagement-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "S12700;S1700;S2700;S5700;S6700;S7700;S9700",
"version": {
"version_data": [
{
"version_value": "V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"version_value": "V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"version_value": "V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"version_value": "V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100"
},
{
"version_value": "V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100"
},
{
"version_value": "V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"version_value": "V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect integrity of the device. Affected product versions include:S12700 V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S1700 V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S2700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S5700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100;S6700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100;S7700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S9700 V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Licenses Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-resourcemanagement-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-resourcemanagement-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-22329",
"datePublished": "2021-06-29T19:05:31",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:37:18.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22377 (GCVE-0-2021-22377)
Vulnerability from nvd – Published: 2021-06-22 18:10 – Updated: 2024-08-03 18:44
VLAI?
Summary
There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject command. This can compromise normal service.
Severity ?
No CVSS data available.
CWE
- Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | S12700;S2700;S5700;S6700;S7700 |
Affected:
V200R019C00SPC500
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:12.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210602-01-cmdinj-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "S12700;S2700;S5700;S6700;S7700",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V200R019C00SPC500"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject command. This can compromise normal service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-22T18:10:10",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210602-01-cmdinj-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "S12700;S2700;S5700;S6700;S7700",
"version": {
"version_data": [
{
"version_value": "V200R019C00SPC500"
},
{
"version_value": "V200R019C00SPC500"
},
{
"version_value": "V200R019C00SPC500"
},
{
"version_value": "V200R019C00SPC500"
},
{
"version_value": "V200R019C00SPC500"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject command. This can compromise normal service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210602-01-cmdinj-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210602-01-cmdinj-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-22377",
"datePublished": "2021-06-22T18:10:10",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:44:12.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22321 (GCVE-0-2021-22321)
Vulnerability from nvd – Published: 2021-03-22 19:03 – Updated: 2024-08-03 18:37
VLAI?
Summary
There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include some versions of NIP6300, NIP6600, NIP6800, S1700, S2700, S5700, S6700 , S7700, S9700, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.
Severity ?
No CVSS data available.
CWE
- Use After Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | NIP6600;NIP6800;S12700;S1700;S2700;S5700;S6700;S7700;S9700;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500 |
Affected:
V500R001C30,V500R001C60
Affected: V500R001C30 Affected: V500R001C60 Affected: V200R007C01,V200R007C01B102,V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10 Affected: V200R009C00SPC200,V200R009C00SPC500,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10 Affected: V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10 Affected: V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-01-uaf-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NIP6600;NIP6800;S12700;S1700;S2700;S5700;S6700;S7700;S9700;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V500R001C30,V500R001C60"
},
{
"status": "affected",
"version": "V500R001C30"
},
{
"status": "affected",
"version": "V500R001C60"
},
{
"status": "affected",
"version": "V200R007C01,V200R007C01B102,V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"status": "affected",
"version": "V200R009C00SPC200,V200R009C00SPC500,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"status": "affected",
"version": "V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"status": "affected",
"version": "V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include some versions of NIP6300, NIP6600, NIP6800, S1700, S2700, S5700, S6700 , S7700, S9700, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use After Free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-22T19:03:52",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-01-uaf-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NIP6600;NIP6800;S12700;S1700;S2700;S5700;S6700;S7700;S9700;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500",
"version": {
"version_data": [
{
"version_value": "V500R001C30,V500R001C60"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "V500R001C60"
},
{
"version_value": "V200R007C01,V200R007C01B102,V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"version_value": "V200R009C00SPC200,V200R009C00SPC500,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"version_value": "V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"version_value": "V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100"
},
{
"version_value": "V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100"
},
{
"version_value": "V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"version_value": "V200R007C01,V200R007C01B102,V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"version_value": "V500R001C30,V500R001C60"
},
{
"version_value": "V500R001C30,V500R001C60"
},
{
"version_value": "V500R001C30,V500R001C60"
},
{
"version_value": "V500R001C30,V500R001C60"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include some versions of NIP6300, NIP6600, NIP6800, S1700, S2700, S5700, S6700 , S7700, S9700, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-01-uaf-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-01-uaf-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-22321",
"datePublished": "2021-03-22T19:03:52",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:37:18.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1866 (GCVE-0-2020-1866)
Vulnerability from nvd – Published: 2021-01-13 22:22 – Updated: 2024-08-04 06:53
VLAI?
Summary
There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions V500R001C30,V500R001C60SPC500,V500R005C00;S12700 versions V200R008C00;S2700 versions V200R008C00;S5700 versions V200R008C00;S6700 versions V200R008C00;S7700 versions V200R008C00;S9700 versions V200R008C00;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00;USG9500 versions V500R001C30SPC300,V500R001C30SPC600,V500R001C60SPC500,V500R005C00.
Severity ?
No CVSS data available.
CWE
- Out of Bounds Read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | NIP6800;S12700;S2700;S5700;S6700;S7700;S9700;Secospace USG6600;USG9500 |
Affected:
V500R001C30,V500R001C60SPC500,V500R005C00
Affected: V200R008C00 Affected: V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00 Affected: V500R001C30SPC300,V500R001C30SPC600,V500R001C60SPC500,V500R005C00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:53:59.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-09-eudemon-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NIP6800;S12700;S2700;S5700;S6700;S7700;S9700;Secospace USG6600;USG9500",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V500R001C30,V500R001C60SPC500,V500R005C00"
},
{
"status": "affected",
"version": "V200R008C00"
},
{
"status": "affected",
"version": "V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00"
},
{
"status": "affected",
"version": "V500R001C30SPC300,V500R001C30SPC600,V500R001C60SPC500,V500R005C00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions V500R001C30,V500R001C60SPC500,V500R005C00;S12700 versions V200R008C00;S2700 versions V200R008C00;S5700 versions V200R008C00;S6700 versions V200R008C00;S7700 versions V200R008C00;S9700 versions V200R008C00;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00;USG9500 versions V500R001C30SPC300,V500R001C30SPC600,V500R001C60SPC500,V500R005C00."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out of Bounds Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T22:22:04",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-09-eudemon-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-1866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NIP6800;S12700;S2700;S5700;S6700;S7700;S9700;Secospace USG6600;USG9500",
"version": {
"version_data": [
{
"version_value": "V500R001C30,V500R001C60SPC500,V500R005C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00"
},
{
"version_value": "V500R001C30SPC300,V500R001C30SPC600,V500R001C60SPC500,V500R005C00"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions V500R001C30,V500R001C60SPC500,V500R005C00;S12700 versions V200R008C00;S2700 versions V200R008C00;S5700 versions V200R008C00;S6700 versions V200R008C00;S7700 versions V200R008C00;S9700 versions V200R008C00;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00;USG9500 versions V500R001C30SPC300,V500R001C30SPC600,V500R001C60SPC500,V500R005C00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out of Bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-09-eudemon-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-09-eudemon-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-1866",
"datePublished": "2021-01-13T22:22:04",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-08-04T06:53:59.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19397 (GCVE-0-2019-19397)
Vulnerability from nvd – Published: 2019-12-13 14:19 – Updated: 2024-08-05 02:16
VLAI?
Summary
There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks.
Severity ?
No CVSS data available.
CWE
- Weak Algorithm
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | S12700;S1700;S2700;S5700;S6700;S7700;S9700 |
Affected:
V200R007C00
Affected: V200R007C01 Affected: V200R007C20 Affected: V200R008C00 Affected: V200R010C00 Affected: V200R011C10 Affected: V200R012C00 Affected: V200R006C10 Affected: V200R012C20 Affected: V200R006C00 Affected: V200R011C00 Affected: V200R005C00 Affected: V200R005C02 Affected: V200R005C03 Affected: V200R005C01 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-vrp-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "S12700;S1700;S2700;S5700;S6700;S7700;S9700",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V200R007C00"
},
{
"status": "affected",
"version": "V200R007C01"
},
{
"status": "affected",
"version": "V200R007C20"
},
{
"status": "affected",
"version": "V200R008C00"
},
{
"status": "affected",
"version": "V200R010C00"
},
{
"status": "affected",
"version": "V200R011C10"
},
{
"status": "affected",
"version": "V200R012C00"
},
{
"status": "affected",
"version": "V200R006C10"
},
{
"status": "affected",
"version": "V200R012C20"
},
{
"status": "affected",
"version": "V200R006C00"
},
{
"status": "affected",
"version": "V200R011C00"
},
{
"status": "affected",
"version": "V200R005C00"
},
{
"status": "affected",
"version": "V200R005C02"
},
{
"status": "affected",
"version": "V200R005C03"
},
{
"status": "affected",
"version": "V200R005C01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Weak Algorithm",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-13T14:19:12",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-vrp-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-19397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "S12700;S1700;S2700;S5700;S6700;S7700;S9700",
"version": {
"version_data": [
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R007C20"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "V200R011C10"
},
{
"version_value": "V200R012C00"
},
{
"version_value": "V200R006C10"
},
{
"version_value": "V200R012C20"
},
{
"version_value": "V200R006C00"
},
{
"version_value": "V200R011C00"
},
{
"version_value": "V200R005C00"
},
{
"version_value": "V200R005C02"
},
{
"version_value": "V200R005C03"
},
{
"version_value": "V200R005C01"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Weak Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-vrp-en",
"refsource": "MISC",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-vrp-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-19397",
"datePublished": "2019-12-13T14:19:12",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-08-05T02:16:47.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5285 (GCVE-0-2019-5285)
Vulnerability from nvd – Published: 2019-06-04 18:47 – Updated: 2024-08-04 19:54
VLAI?
Summary
Some Huawei S series switches have a DoS vulnerability. An unauthenticated remote attacker can send crafted packets to the affected device to exploit this vulnerability. Due to insufficient verification of the packets, successful exploitation may cause the device reboot and denial of service (DoS) condition. (Vulnerability ID: HWPSIRT-2019-03109)
Severity ?
No CVSS data available.
CWE
- DoS
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei | S12700, S12700, S12700, S12700, S12700, S12700, S12700, S12700, S1700, S1700, S1700, S1700, S1700, S1700, S2300, S2300, S2300, S2300, S2300, S2300, S2300, S2700, S2700, S2700, S2700, S2700, S2700, S2700, S2700, S5300, S5300, S5300, S5300, S5300, S5300, S5300, S5700, S5700, S5700, S5700, S5700, S5700, S5700, S5700, S5700, S600-E, S600-E, S600-E, S600-E, S600-E, S6300, S6300, S6300, S6300, S6300, S6300, S6300, S6300, S6700, S6700, S6700, S6700, S6700, S6700, S6700, S6700, S7700, S7700, S7700, S7700, S7700, S7700, S7700, S7700, S7700, S7900, S7900, S7900, S9300, S9300, S9300, S9300, S9300, S9300, S9300, S9300X, S9300X, S9300X, S9300X, S9700, S9700, S9700, S9700, S9700, S9700, S9700, S9700, S9700 |
Affected:
S12700 V200R008C00
Affected: S12700 V200R010C00 Affected: S12700 V200R012C00 Affected: S12700 V200R013C00 Affected: S12700 V200R011C10 Affected: S1700 V200R008C00 Affected: S1700 V200R009C00 Affected: S1700 V200R010C00 Affected: S1700 V200R011C10 Affected: S2300 V200R003C00 Affected: S2300 V200R005C00 Affected: S2300 V200R008C00 Affected: S2300 V200R010C00 Affected: S2300 V200R011C10 Affected: S2300 V200R012C00 Affected: S2300 V200R013C00 Affected: S2700 V200R005C00 Affected: S2700 V200R006C00 Affected: S2700 V200R007C00 Affected: S2700 V200R008C00 Affected: S2700 V200R010C00 Affected: S2700 V200R011C10 Affected: S2700 V200R012C00 Affected: S2700 V200R013C00 Affected: S5300 V200R003C00 Affected: S5300 V200R005C00 Affected: S5300 V200R008C00 Affected: S5300 V200R010C00 Affected: S5300 V200R011C10 Affected: S5300 V200R012C00 Affected: S5700 V200R006C00 Affected: S5700 V200R007C00 Affected: S5700 V200R008C00 Affected: S5700 V200R010C00 Affected: S5700 V200R011C10 Affected: S5700 V200R012C00 Affected: S5700 V200R013C00 Affected: S600-E V200R008C00 Affected: S600-E V200R010C00 Affected: S600-E V200R011C10 Affected: S600-E V200R012C00 Affected: S600-E V200R013C00 Affected: S6300 V200R003C00 Affected: S6300 V200R005C00 Affected: S6300 V200R007C00 Affected: S6300 V200R008C00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:52.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190522-01-switch-en"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190522-01-switch-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "S12700, S12700, S12700, S12700, S12700, S12700, S12700, S12700, S1700, S1700, S1700, S1700, S1700, S1700, S2300, S2300, S2300, S2300, S2300, S2300, S2300, S2700, S2700, S2700, S2700, S2700, S2700, S2700, S2700, S5300, S5300, S5300, S5300, S5300, S5300, S5300, S5700, S5700, S5700, S5700, S5700, S5700, S5700, S5700, S5700, S600-E, S600-E, S600-E, S600-E, S600-E, S6300, S6300, S6300, S6300, S6300, S6300, S6300, S6300, S6700, S6700, S6700, S6700, S6700, S6700, S6700, S6700, S7700, S7700, S7700, S7700, S7700, S7700, S7700, S7700, S7700, S7900, S7900, S7900, S9300, S9300, S9300, S9300, S9300, S9300, S9300, S9300X, S9300X, S9300X, S9300X, S9700, S9700, S9700, S9700, S9700, S9700, S9700, S9700, S9700",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "S12700 V200R008C00"
},
{
"status": "affected",
"version": "S12700 V200R010C00"
},
{
"status": "affected",
"version": "S12700 V200R012C00"
},
{
"status": "affected",
"version": "S12700 V200R013C00"
},
{
"status": "affected",
"version": "S12700 V200R011C10"
},
{
"status": "affected",
"version": "S1700 V200R008C00"
},
{
"status": "affected",
"version": "S1700 V200R009C00"
},
{
"status": "affected",
"version": "S1700 V200R010C00"
},
{
"status": "affected",
"version": "S1700 V200R011C10"
},
{
"status": "affected",
"version": "S2300 V200R003C00"
},
{
"status": "affected",
"version": "S2300 V200R005C00"
},
{
"status": "affected",
"version": "S2300 V200R008C00"
},
{
"status": "affected",
"version": "S2300 V200R010C00"
},
{
"status": "affected",
"version": "S2300 V200R011C10"
},
{
"status": "affected",
"version": "S2300 V200R012C00"
},
{
"status": "affected",
"version": "S2300 V200R013C00"
},
{
"status": "affected",
"version": "S2700 V200R005C00"
},
{
"status": "affected",
"version": "S2700 V200R006C00"
},
{
"status": "affected",
"version": "S2700 V200R007C00"
},
{
"status": "affected",
"version": "S2700 V200R008C00"
},
{
"status": "affected",
"version": "S2700 V200R010C00"
},
{
"status": "affected",
"version": "S2700 V200R011C10"
},
{
"status": "affected",
"version": "S2700 V200R012C00"
},
{
"status": "affected",
"version": "S2700 V200R013C00"
},
{
"status": "affected",
"version": "S5300 V200R003C00"
},
{
"status": "affected",
"version": "S5300 V200R005C00"
},
{
"status": "affected",
"version": "S5300 V200R008C00"
},
{
"status": "affected",
"version": "S5300 V200R010C00"
},
{
"status": "affected",
"version": "S5300 V200R011C10"
},
{
"status": "affected",
"version": "S5300 V200R012C00"
},
{
"status": "affected",
"version": "S5700 V200R006C00"
},
{
"status": "affected",
"version": "S5700 V200R007C00"
},
{
"status": "affected",
"version": "S5700 V200R008C00"
},
{
"status": "affected",
"version": "S5700 V200R010C00"
},
{
"status": "affected",
"version": "S5700 V200R011C10"
},
{
"status": "affected",
"version": "S5700 V200R012C00"
},
{
"status": "affected",
"version": "S5700 V200R013C00"
},
{
"status": "affected",
"version": "S600-E V200R008C00"
},
{
"status": "affected",
"version": "S600-E V200R010C00"
},
{
"status": "affected",
"version": "S600-E V200R011C10"
},
{
"status": "affected",
"version": "S600-E V200R012C00"
},
{
"status": "affected",
"version": "S600-E V200R013C00"
},
{
"status": "affected",
"version": "S6300 V200R003C00"
},
{
"status": "affected",
"version": "S6300 V200R005C00"
},
{
"status": "affected",
"version": "S6300 V200R007C00"
},
{
"status": "affected",
"version": "S6300 V200R008C00"
}
]
}
],
"datePublic": "2019-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Some Huawei S series switches have a DoS vulnerability. An unauthenticated remote attacker can send crafted packets to the affected device to exploit this vulnerability. Due to insufficient verification of the packets, successful exploitation may cause the device reboot and denial of service (DoS) condition. (Vulnerability ID: HWPSIRT-2019-03109)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-26T10:06:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190522-01-switch-en"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190522-01-switch-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "S12700, S12700, S12700, S12700, S12700, S12700, S12700, S12700, S1700, S1700, S1700, S1700, S1700, S1700, S2300, S2300, S2300, S2300, S2300, S2300, S2300, S2700, S2700, S2700, S2700, S2700, S2700, S2700, S2700, S5300, S5300, S5300, S5300, S5300, S5300, S5300, S5700, S5700, S5700, S5700, S5700, S5700, S5700, S5700, S5700, S600-E, S600-E, S600-E, S600-E, S600-E, S6300, S6300, S6300, S6300, S6300, S6300, S6300, S6300, S6700, S6700, S6700, S6700, S6700, S6700, S6700, S6700, S7700, S7700, S7700, S7700, S7700, S7700, S7700, S7700, S7700, S7900, S7900, S7900, S9300, S9300, S9300, S9300, S9300, S9300, S9300, S9300X, S9300X, S9300X, S9300X, S9700, S9700, S9700, S9700, S9700, S9700, S9700, S9700, S9700",
"version": {
"version_data": [
{
"version_value": "S12700 V200R008C00"
},
{
"version_value": "S12700 V200R010C00"
},
{
"version_value": "S12700 V200R012C00"
},
{
"version_value": "S12700 V200R013C00"
},
{
"version_value": "S12700 V200R011C10"
},
{
"version_value": "S1700 V200R008C00"
},
{
"version_value": "S1700 V200R009C00"
},
{
"version_value": "S1700 V200R010C00"
},
{
"version_value": "S1700 V200R011C10"
},
{
"version_value": "S2300 V200R003C00"
},
{
"version_value": "S2300 V200R005C00"
},
{
"version_value": "S2300 V200R008C00"
},
{
"version_value": "S2300 V200R010C00"
},
{
"version_value": "S2300 V200R011C10"
},
{
"version_value": "S2300 V200R012C00"
},
{
"version_value": "S2300 V200R013C00"
},
{
"version_value": "S2700 V200R005C00"
},
{
"version_value": "S2700 V200R006C00"
},
{
"version_value": "S2700 V200R007C00"
},
{
"version_value": "S2700 V200R008C00"
},
{
"version_value": "S2700 V200R010C00"
},
{
"version_value": "S2700 V200R011C10"
},
{
"version_value": "S2700 V200R012C00"
},
{
"version_value": "S2700 V200R013C00"
},
{
"version_value": "S5300 V200R003C00"
},
{
"version_value": "S5300 V200R005C00"
},
{
"version_value": "S5300 V200R008C00"
},
{
"version_value": "S5300 V200R010C00"
},
{
"version_value": "S5300 V200R011C10"
},
{
"version_value": "S5300 V200R012C00"
},
{
"version_value": "S5700 V200R006C00"
},
{
"version_value": "S5700 V200R007C00"
},
{
"version_value": "S5700 V200R008C00"
},
{
"version_value": "S5700 V200R010C00"
},
{
"version_value": "S5700 V200R011C10"
},
{
"version_value": "S5700 V200R012C00"
},
{
"version_value": "S5700 V200R013C00"
},
{
"version_value": "S600-E V200R008C00"
},
{
"version_value": "S600-E V200R010C00"
},
{
"version_value": "S600-E V200R011C10"
},
{
"version_value": "S600-E V200R012C00"
},
{
"version_value": "S600-E V200R013C00"
},
{
"version_value": "S6300 V200R003C00"
},
{
"version_value": "S6300 V200R005C00"
},
{
"version_value": "S6300 V200R007C00"
},
{
"version_value": "S6300 V200R008C00"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Huawei S series switches have a DoS vulnerability. An unauthenticated remote attacker can send crafted packets to the affected device to exploit this vulnerability. Due to insufficient verification of the packets, successful exploitation may cause the device reboot and denial of service (DoS) condition. (Vulnerability ID: HWPSIRT-2019-03109)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190522-01-switch-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190522-01-switch-en"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190522-01-switch-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190522-01-switch-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5285",
"datePublished": "2019-06-04T18:47:35",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:52.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17250 (GCVE-0-2017-17250)
Vulnerability from nvd – Published: 2018-03-09 17:00 – Updated: 2024-08-05 20:43
VLAI?
Summary
Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; AR150 V200R005C32; AR150-S V200R005C32; AR160 V200R005C32; AR200 V200R005C32; AR200-S V200R005C32; AR2200-S V200R005C32; AR3200 V200R005C32; V200R007C00; AR510 V200R005C32; NetEngine16EX V200R005C32; SRG1300 V200R005C32; SRG2300 V200R005C32; SRG3300 V200R005C32 have an out-of-bounds write vulnerability. When a user executes a query command after the device received an abnormal OSPF message, the software writes data past the end of the intended buffer due to the insufficient verification of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending abnormal OSPF messages to the device. A successful exploit could cause the system to crash.
Severity ?
No CVSS data available.
CWE
- out-of-bounds write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | AR120-S; AR1200; AR1200-S; AR150; AR150-S; AR160; AR200; AR200-S; AR2200-S; AR3200; AR510; NetEngine16EX; SRG1300; SRG2300; SRG3300 |
Affected:
AR120-S V200R005C32
Affected: AR1200 V200R005C32 Affected: AR1200-S V200R005C32 Affected: AR150 V200R005C32 Affected: AR150-S V200R005C32 Affected: AR160 V200R005C32 Affected: AR200 V200R005C32 Affected: AR200-S V200R005C32 Affected: AR2200-S V200R005C32 Affected: AR3200 V200R005C32 Affected: V200R007C00 Affected: AR510 V200R005C32 Affected: NetEngine16EX V200R005C32 Affected: SRG1300 V200R005C32 Affected: SRG2300 V200R005C32 Affected: SRG3300 V200R005C32 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180214-01-ospf-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AR120-S; AR1200; AR1200-S; AR150; AR150-S; AR160; AR200; AR200-S; AR2200-S; AR3200; AR510; NetEngine16EX; SRG1300; SRG2300; SRG3300",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "AR120-S V200R005C32"
},
{
"status": "affected",
"version": "AR1200 V200R005C32"
},
{
"status": "affected",
"version": "AR1200-S V200R005C32"
},
{
"status": "affected",
"version": "AR150 V200R005C32"
},
{
"status": "affected",
"version": "AR150-S V200R005C32"
},
{
"status": "affected",
"version": "AR160 V200R005C32"
},
{
"status": "affected",
"version": "AR200 V200R005C32"
},
{
"status": "affected",
"version": "AR200-S V200R005C32"
},
{
"status": "affected",
"version": "AR2200-S V200R005C32"
},
{
"status": "affected",
"version": "AR3200 V200R005C32"
},
{
"status": "affected",
"version": "V200R007C00"
},
{
"status": "affected",
"version": "AR510 V200R005C32"
},
{
"status": "affected",
"version": "NetEngine16EX V200R005C32"
},
{
"status": "affected",
"version": "SRG1300 V200R005C32"
},
{
"status": "affected",
"version": "SRG2300 V200R005C32"
},
{
"status": "affected",
"version": "SRG3300 V200R005C32"
}
]
}
],
"datePublic": "2018-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; AR150 V200R005C32; AR150-S V200R005C32; AR160 V200R005C32; AR200 V200R005C32; AR200-S V200R005C32; AR2200-S V200R005C32; AR3200 V200R005C32; V200R007C00; AR510 V200R005C32; NetEngine16EX V200R005C32; SRG1300 V200R005C32; SRG2300 V200R005C32; SRG3300 V200R005C32 have an out-of-bounds write vulnerability. When a user executes a query command after the device received an abnormal OSPF message, the software writes data past the end of the intended buffer due to the insufficient verification of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending abnormal OSPF messages to the device. A successful exploit could cause the system to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "out-of-bounds write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-09T16:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180214-01-ospf-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-17250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AR120-S; AR1200; AR1200-S; AR150; AR150-S; AR160; AR200; AR200-S; AR2200-S; AR3200; AR510; NetEngine16EX; SRG1300; SRG2300; SRG3300",
"version": {
"version_data": [
{
"version_value": "AR120-S V200R005C32"
},
{
"version_value": "AR1200 V200R005C32"
},
{
"version_value": "AR1200-S V200R005C32"
},
{
"version_value": "AR150 V200R005C32"
},
{
"version_value": "AR150-S V200R005C32"
},
{
"version_value": "AR160 V200R005C32"
},
{
"version_value": "AR200 V200R005C32"
},
{
"version_value": "AR200-S V200R005C32"
},
{
"version_value": "AR2200-S V200R005C32"
},
{
"version_value": "AR3200 V200R005C32"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "AR510 V200R005C32"
},
{
"version_value": "NetEngine16EX V200R005C32"
},
{
"version_value": "SRG1300 V200R005C32"
},
{
"version_value": "SRG2300 V200R005C32"
},
{
"version_value": "SRG3300 V200R005C32"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; AR150 V200R005C32; AR150-S V200R005C32; AR160 V200R005C32; AR200 V200R005C32; AR200-S V200R005C32; AR2200-S V200R005C32; AR3200 V200R005C32; V200R007C00; AR510 V200R005C32; NetEngine16EX V200R005C32; SRG1300 V200R005C32; SRG2300 V200R005C32; SRG3300 V200R005C32 have an out-of-bounds write vulnerability. When a user executes a query command after the device received an abnormal OSPF message, the software writes data past the end of the intended buffer due to the insufficient verification of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending abnormal OSPF messages to the device. A successful exploit could cause the system to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out-of-bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180214-01-ospf-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180214-01-ospf-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-17250",
"datePublished": "2018-03-09T17:00:00",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-08-05T20:43:59.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17141 (GCVE-0-2017-17141)
Vulnerability from nvd – Published: 2018-03-05 19:00 – Updated: 2024-09-17 03:23
VLAI?
Summary
Huawei S12700 V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R007C20; V200R008C00; V200R009C00;S1700 V200R006C10; V200R009C00;S2700 V100R006C03; V200R003C00; V200R005C00; V200R006C00; V200R006C10; V200R007C00; V200R007C00B050; V200R007C00SPC009T; V200R007C00SPC019T; V200R008C00; V200R009C00;S3700 V100R006C03;S5700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R003C02; V200R005C00; V200R005C01; V200R005C02; V200R005C03; V200R006C00; V200R007C00; V200R008C00; V200R009C00;S6700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R005C01; V200R005C02; V200R008C00; V200R009C00;S7700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R006C01; V200R007C00; V200R007C01; V200R008C00; V200R008C06; V200R009C00;S9700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R008C00; V200R009C00 have a memory leak vulnerability. In some specific conditions, if attackers send specific malformed MPLS Service PING messages to the affected products, products do not release the memory when handling the packets. So successful exploit will result in memory leak of the affected products.
Severity ?
No CVSS data available.
CWE
- memory leak
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | S12700; S1700; S2700; S3700; S5700; S6700; S7700; S9700 |
Affected:
S12700 V200R005C00
Affected: V200R006C00 Affected: V200R007C00 Affected: V200R007C01 Affected: V200R007C20 Affected: V200R008C00 Affected: V200R009C00 Affected: S1700 V200R006C10 Affected: S2700 V100R006C03 Affected: V200R003C00 Affected: V200R005C00 Affected: V200R006C10 Affected: V200R007C00B050 Affected: V200R007C00SPC009T Affected: V200R007C00SPC019T Affected: S3700 V100R006C03 Affected: S5700 V200R001C00 Affected: V200R001C01 Affected: V200R002C00 Affected: V200R003C02 Affected: V200R005C01 Affected: V200R005C02 Affected: V200R005C03 Affected: S6700 V200R001C00 Affected: S7700 V200R001C00 Affected: V200R006C01 Affected: V200R008C06 Affected: S9700 V200R001C00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-mpls-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "S12700; S1700; S2700; S3700; S5700; S6700; S7700; S9700",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "S12700 V200R005C00"
},
{
"status": "affected",
"version": "V200R006C00"
},
{
"status": "affected",
"version": "V200R007C00"
},
{
"status": "affected",
"version": "V200R007C01"
},
{
"status": "affected",
"version": "V200R007C20"
},
{
"status": "affected",
"version": "V200R008C00"
},
{
"status": "affected",
"version": "V200R009C00"
},
{
"status": "affected",
"version": "S1700 V200R006C10"
},
{
"status": "affected",
"version": "S2700 V100R006C03"
},
{
"status": "affected",
"version": "V200R003C00"
},
{
"status": "affected",
"version": "V200R005C00"
},
{
"status": "affected",
"version": "V200R006C10"
},
{
"status": "affected",
"version": "V200R007C00B050"
},
{
"status": "affected",
"version": "V200R007C00SPC009T"
},
{
"status": "affected",
"version": "V200R007C00SPC019T"
},
{
"status": "affected",
"version": "S3700 V100R006C03"
},
{
"status": "affected",
"version": "S5700 V200R001C00"
},
{
"status": "affected",
"version": "V200R001C01"
},
{
"status": "affected",
"version": "V200R002C00"
},
{
"status": "affected",
"version": "V200R003C02"
},
{
"status": "affected",
"version": "V200R005C01"
},
{
"status": "affected",
"version": "V200R005C02"
},
{
"status": "affected",
"version": "V200R005C03"
},
{
"status": "affected",
"version": "S6700 V200R001C00"
},
{
"status": "affected",
"version": "S7700 V200R001C00"
},
{
"status": "affected",
"version": "V200R006C01"
},
{
"status": "affected",
"version": "V200R008C06"
},
{
"status": "affected",
"version": "S9700 V200R001C00"
}
]
}
],
"datePublic": "2017-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei S12700 V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R007C20; V200R008C00; V200R009C00;S1700 V200R006C10; V200R009C00;S2700 V100R006C03; V200R003C00; V200R005C00; V200R006C00; V200R006C10; V200R007C00; V200R007C00B050; V200R007C00SPC009T; V200R007C00SPC019T; V200R008C00; V200R009C00;S3700 V100R006C03;S5700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R003C02; V200R005C00; V200R005C01; V200R005C02; V200R005C03; V200R006C00; V200R007C00; V200R008C00; V200R009C00;S6700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R005C01; V200R005C02; V200R008C00; V200R009C00;S7700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R006C01; V200R007C00; V200R007C01; V200R008C00; V200R008C06; V200R009C00;S9700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R008C00; V200R009C00 have a memory leak vulnerability. In some specific conditions, if attackers send specific malformed MPLS Service PING messages to the affected products, products do not release the memory when handling the packets. So successful exploit will result in memory leak of the affected products."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "memory leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-05T18:57:02",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-mpls-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-12-06T00:00:00",
"ID": "CVE-2017-17141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "S12700; S1700; S2700; S3700; S5700; S6700; S7700; S9700",
"version": {
"version_data": [
{
"version_value": "S12700 V200R005C00"
},
{
"version_value": "V200R006C00"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R007C20"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "S1700 V200R006C10"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "S2700 V100R006C03"
},
{
"version_value": "V200R003C00"
},
{
"version_value": "V200R005C00"
},
{
"version_value": "V200R006C00"
},
{
"version_value": "V200R006C10"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R007C00B050"
},
{
"version_value": "V200R007C00SPC009T"
},
{
"version_value": "V200R007C00SPC019T"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "S3700 V100R006C03"
},
{
"version_value": "S5700 V200R001C00"
},
{
"version_value": "V200R001C01"
},
{
"version_value": "V200R002C00"
},
{
"version_value": "V200R003C00"
},
{
"version_value": "V200R003C02"
},
{
"version_value": "V200R005C00"
},
{
"version_value": "V200R005C01"
},
{
"version_value": "V200R005C02"
},
{
"version_value": "V200R005C03"
},
{
"version_value": "V200R006C00"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "S6700 V200R001C00"
},
{
"version_value": "V200R001C01"
},
{
"version_value": "V200R002C00"
},
{
"version_value": "V200R003C00"
},
{
"version_value": "V200R005C00"
},
{
"version_value": "V200R005C01"
},
{
"version_value": "V200R005C02"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "S7700 V200R001C00"
},
{
"version_value": "V200R001C01"
},
{
"version_value": "V200R002C00"
},
{
"version_value": "V200R003C00"
},
{
"version_value": "V200R005C00"
},
{
"version_value": "V200R006C00"
},
{
"version_value": "V200R006C01"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R008C06"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "S9700 V200R001C00"
},
{
"version_value": "V200R001C01"
},
{
"version_value": "V200R002C00"
},
{
"version_value": "V200R003C00"
},
{
"version_value": "V200R005C00"
},
{
"version_value": "V200R006C00"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei S12700 V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R007C20; V200R008C00; V200R009C00;S1700 V200R006C10; V200R009C00;S2700 V100R006C03; V200R003C00; V200R005C00; V200R006C00; V200R006C10; V200R007C00; V200R007C00B050; V200R007C00SPC009T; V200R007C00SPC019T; V200R008C00; V200R009C00;S3700 V100R006C03;S5700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R003C02; V200R005C00; V200R005C01; V200R005C02; V200R005C03; V200R006C00; V200R007C00; V200R008C00; V200R009C00;S6700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R005C01; V200R005C02; V200R008C00; V200R009C00;S7700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R006C01; V200R007C00; V200R007C01; V200R008C00; V200R008C06; V200R009C00;S9700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R008C00; V200R009C00 have a memory leak vulnerability. In some specific conditions, if attackers send specific malformed MPLS Service PING messages to the affected products, products do not release the memory when handling the packets. So successful exploit will result in memory leak of the affected products."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "memory leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-mpls-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-mpls-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-17141",
"datePublished": "2018-03-05T19:00:00Z",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-09-17T03:23:15.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17138 (GCVE-0-2017-17138)
Vulnerability from nvd – Published: 2018-03-05 19:00 – Updated: 2024-09-17 03:44
VLAI?
Summary
PEM module of DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a DoS vulnerability in PEM module of Huawei products due to insufficient verification. An authenticated local attacker can make processing into deadloop by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service.
Severity ?
No CVSS data available.
CWE
- DoS
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030 |
Affected:
DP300 V500R002C00
Affected: IPS Module V500R001C00 Affected: V500R001C30 Affected: NGFW Module V500R001C00 Affected: V500R002C00 Affected: NIP6300 V500R001C00 Affected: NIP6600 V500R001C00 Affected: RP200 V500R002C00 Affected: V600R006C00 Affected: S12700 V200R007C00 Affected: V200R007C01 Affected: V200R008C00 Affected: V200R009C00 Affected: V200R010C00 Affected: S1700 V200R006C10 Affected: S2700 V200R006C10 Affected: V200R007C00 Affected: S5700 V200R006C00 Affected: S6700 V200R008C00 Affected: S7700 V200R007C00 Affected: S9700 V200R007C00 Affected: Secospace USG6300 V500R001C00 Affected: Secospace USG6500 V500R001C00 Affected: Secospace USG6600 V500R001C00 Affected: V500R001C30S Affected: TE30 V100R001C02 Affected: V100R001C10 Affected: TE40 V500R002C00 Affected: TE50 V500R002C00 Affected: TE60 V100R001C01 Affected: TP3106 V100R002C00 Affected: TP3206 V100R002C00 Affected: V100R002C10 Affected: USG9500 V500R001C00 Affected: ViewPoint 9030 V100R011C02 Affected: V100R011C03 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "DP300 V500R002C00"
},
{
"status": "affected",
"version": "IPS Module V500R001C00"
},
{
"status": "affected",
"version": "V500R001C30"
},
{
"status": "affected",
"version": "NGFW Module V500R001C00"
},
{
"status": "affected",
"version": "V500R002C00"
},
{
"status": "affected",
"version": "NIP6300 V500R001C00"
},
{
"status": "affected",
"version": "NIP6600 V500R001C00"
},
{
"status": "affected",
"version": "RP200 V500R002C00"
},
{
"status": "affected",
"version": "V600R006C00"
},
{
"status": "affected",
"version": "S12700 V200R007C00"
},
{
"status": "affected",
"version": "V200R007C01"
},
{
"status": "affected",
"version": "V200R008C00"
},
{
"status": "affected",
"version": "V200R009C00"
},
{
"status": "affected",
"version": "V200R010C00"
},
{
"status": "affected",
"version": "S1700 V200R006C10"
},
{
"status": "affected",
"version": "S2700 V200R006C10"
},
{
"status": "affected",
"version": "V200R007C00"
},
{
"status": "affected",
"version": "S5700 V200R006C00"
},
{
"status": "affected",
"version": "S6700 V200R008C00"
},
{
"status": "affected",
"version": "S7700 V200R007C00"
},
{
"status": "affected",
"version": "S9700 V200R007C00"
},
{
"status": "affected",
"version": "Secospace USG6300 V500R001C00"
},
{
"status": "affected",
"version": "Secospace USG6500 V500R001C00"
},
{
"status": "affected",
"version": "Secospace USG6600 V500R001C00"
},
{
"status": "affected",
"version": "V500R001C30S"
},
{
"status": "affected",
"version": "TE30 V100R001C02"
},
{
"status": "affected",
"version": "V100R001C10"
},
{
"status": "affected",
"version": "TE40 V500R002C00"
},
{
"status": "affected",
"version": "TE50 V500R002C00"
},
{
"status": "affected",
"version": "TE60 V100R001C01"
},
{
"status": "affected",
"version": "TP3106 V100R002C00"
},
{
"status": "affected",
"version": "TP3206 V100R002C00"
},
{
"status": "affected",
"version": "V100R002C10"
},
{
"status": "affected",
"version": "USG9500 V500R001C00"
},
{
"status": "affected",
"version": "ViewPoint 9030 V100R011C02"
},
{
"status": "affected",
"version": "V100R011C03"
}
]
}
],
"datePublic": "2017-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PEM module of DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a DoS vulnerability in PEM module of Huawei products due to insufficient verification. An authenticated local attacker can make processing into deadloop by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-05T18:57:02",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-12-06T00:00:00",
"ID": "CVE-2017-17138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030",
"version": {
"version_data": [
{
"version_value": "DP300 V500R002C00"
},
{
"version_value": "IPS Module V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "NGFW Module V500R001C00"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "NIP6300 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "NIP6600 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "RP200 V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "S12700 V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S1700 V200R006C10"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S2700 V200R006C10"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S5700 V200R006C00"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S6700 V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S7700 V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S9700 V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "Secospace USG6300 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "Secospace USG6500 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "Secospace USG6600 V500R001C00"
},
{
"version_value": "V500R001C30S"
},
{
"version_value": "TE30 V100R001C02"
},
{
"version_value": "V100R001C10"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TE40 V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TE50 V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TE60 V100R001C01"
},
{
"version_value": "V100R001C10"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TP3106 V100R002C00"
},
{
"version_value": "TP3206 V100R002C00"
},
{
"version_value": "V100R002C10"
},
{
"version_value": "USG9500 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "ViewPoint 9030 V100R011C02"
},
{
"version_value": "V100R011C03"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PEM module of DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a DoS vulnerability in PEM module of Huawei products due to insufficient verification. An authenticated local attacker can make processing into deadloop by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-17138",
"datePublished": "2018-03-05T19:00:00Z",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-09-17T03:44:03.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17137 (GCVE-0-2017-17137)
Vulnerability from nvd – Published: 2018-03-05 19:00 – Updated: 2024-09-17 00:42
VLAI?
Summary
PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has an Out-of-Bounds memory access vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service.
Severity ?
No CVSS data available.
CWE
- Out-of-Bounds memory access
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030 |
Affected:
DP300 V500R002C00
Affected: IPS Module V500R001C00 Affected: V500R001C30 Affected: NGFW Module V500R001C00 Affected: V500R002C00 Affected: NIP6300 V500R001C00 Affected: NIP6600 V500R001C00 Affected: RP200 V500R002C00 Affected: V600R006C00 Affected: S12700 V200R007C00 Affected: V200R007C01 Affected: V200R008C00 Affected: V200R009C00 Affected: V200R010C00 Affected: S1700 V200R006C10 Affected: S2700 V200R006C10 Affected: V200R007C00 Affected: S5700 V200R006C00 Affected: S6700 V200R008C00 Affected: S7700 V200R007C00 Affected: S9700 V200R007C00 Affected: Secospace USG6300 V500R001C00 Affected: Secospace USG6500 V500R001C00 Affected: Secospace USG6600 V500R001C00 Affected: V500R001C30S Affected: TE30 V100R001C02 Affected: V100R001C10 Affected: TE40 V500R002C00 Affected: TE50 V500R002C00 Affected: TE60 V100R001C01 Affected: TP3106 V100R002C00 Affected: TP3206 V100R002C00 Affected: V100R002C10 Affected: USG9500 V500R001C00 Affected: ViewPoint 9030 V100R011C02 Affected: V100R011C03 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "DP300 V500R002C00"
},
{
"status": "affected",
"version": "IPS Module V500R001C00"
},
{
"status": "affected",
"version": "V500R001C30"
},
{
"status": "affected",
"version": "NGFW Module V500R001C00"
},
{
"status": "affected",
"version": "V500R002C00"
},
{
"status": "affected",
"version": "NIP6300 V500R001C00"
},
{
"status": "affected",
"version": "NIP6600 V500R001C00"
},
{
"status": "affected",
"version": "RP200 V500R002C00"
},
{
"status": "affected",
"version": "V600R006C00"
},
{
"status": "affected",
"version": "S12700 V200R007C00"
},
{
"status": "affected",
"version": "V200R007C01"
},
{
"status": "affected",
"version": "V200R008C00"
},
{
"status": "affected",
"version": "V200R009C00"
},
{
"status": "affected",
"version": "V200R010C00"
},
{
"status": "affected",
"version": "S1700 V200R006C10"
},
{
"status": "affected",
"version": "S2700 V200R006C10"
},
{
"status": "affected",
"version": "V200R007C00"
},
{
"status": "affected",
"version": "S5700 V200R006C00"
},
{
"status": "affected",
"version": "S6700 V200R008C00"
},
{
"status": "affected",
"version": "S7700 V200R007C00"
},
{
"status": "affected",
"version": "S9700 V200R007C00"
},
{
"status": "affected",
"version": "Secospace USG6300 V500R001C00"
},
{
"status": "affected",
"version": "Secospace USG6500 V500R001C00"
},
{
"status": "affected",
"version": "Secospace USG6600 V500R001C00"
},
{
"status": "affected",
"version": "V500R001C30S"
},
{
"status": "affected",
"version": "TE30 V100R001C02"
},
{
"status": "affected",
"version": "V100R001C10"
},
{
"status": "affected",
"version": "TE40 V500R002C00"
},
{
"status": "affected",
"version": "TE50 V500R002C00"
},
{
"status": "affected",
"version": "TE60 V100R001C01"
},
{
"status": "affected",
"version": "TP3106 V100R002C00"
},
{
"status": "affected",
"version": "TP3206 V100R002C00"
},
{
"status": "affected",
"version": "V100R002C10"
},
{
"status": "affected",
"version": "USG9500 V500R001C00"
},
{
"status": "affected",
"version": "ViewPoint 9030 V100R011C02"
},
{
"status": "affected",
"version": "V100R011C03"
}
]
}
],
"datePublic": "2017-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has an Out-of-Bounds memory access vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-Bounds memory access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-05T18:57:02",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-12-06T00:00:00",
"ID": "CVE-2017-17137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030",
"version": {
"version_data": [
{
"version_value": "DP300 V500R002C00"
},
{
"version_value": "IPS Module V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "NGFW Module V500R001C00"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "NIP6300 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "NIP6600 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "RP200 V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "S12700 V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S1700 V200R006C10"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S2700 V200R006C10"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S5700 V200R006C00"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S6700 V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S7700 V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S9700 V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "Secospace USG6300 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "Secospace USG6500 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "Secospace USG6600 V500R001C00"
},
{
"version_value": "V500R001C30S"
},
{
"version_value": "TE30 V100R001C02"
},
{
"version_value": "V100R001C10"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TE40 V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TE50 V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TE60 V100R001C01"
},
{
"version_value": "V100R001C10"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TP3106 V100R002C00"
},
{
"version_value": "TP3206 V100R002C00"
},
{
"version_value": "V100R002C10"
},
{
"version_value": "USG9500 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "ViewPoint 9030 V100R011C02"
},
{
"version_value": "V100R011C03"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has an Out-of-Bounds memory access vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-Bounds memory access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-17137",
"datePublished": "2018-03-05T19:00:00Z",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-09-17T00:42:09.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17136 (GCVE-0-2017-17136)
Vulnerability from nvd – Published: 2018-03-05 19:00 – Updated: 2024-09-16 16:49
VLAI?
Summary
PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a heap overflow vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service.
Severity ?
No CVSS data available.
CWE
- heap overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030 |
Affected:
DP300 V500R002C00
Affected: IPS Module V500R001C00 Affected: V500R001C30 Affected: NGFW Module V500R001C00 Affected: V500R002C00 Affected: NIP6300 V500R001C00 Affected: NIP6600 V500R001C00 Affected: RP200 V500R002C00 Affected: V600R006C00 Affected: S12700 V200R007C00 Affected: V200R007C01 Affected: V200R008C00 Affected: V200R009C00 Affected: V200R010C00 Affected: S1700 V200R006C10 Affected: S2700 V200R006C10 Affected: V200R007C00 Affected: S5700 V200R006C00 Affected: S6700 V200R008C00 Affected: S7700 V200R007C00 Affected: S9700 V200R007C00 Affected: Secospace USG6300 V500R001C00 Affected: Secospace USG6500 V500R001C00 Affected: Secospace USG6600 V500R001C00 Affected: V500R001C30S Affected: TE30 V100R001C02 Affected: V100R001C10 Affected: TE40 V500R002C00 Affected: TE50 V500R002C00 Affected: TE60 V100R001C01 Affected: TP3106 V100R002C00 Affected: TP3206 V100R002C00 Affected: V100R002C10 Affected: USG9500 V500R001C00 Affected: ViewPoint 9030 V100R011C02 Affected: V100R011C03 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "DP300 V500R002C00"
},
{
"status": "affected",
"version": "IPS Module V500R001C00"
},
{
"status": "affected",
"version": "V500R001C30"
},
{
"status": "affected",
"version": "NGFW Module V500R001C00"
},
{
"status": "affected",
"version": "V500R002C00"
},
{
"status": "affected",
"version": "NIP6300 V500R001C00"
},
{
"status": "affected",
"version": "NIP6600 V500R001C00"
},
{
"status": "affected",
"version": "RP200 V500R002C00"
},
{
"status": "affected",
"version": "V600R006C00"
},
{
"status": "affected",
"version": "S12700 V200R007C00"
},
{
"status": "affected",
"version": "V200R007C01"
},
{
"status": "affected",
"version": "V200R008C00"
},
{
"status": "affected",
"version": "V200R009C00"
},
{
"status": "affected",
"version": "V200R010C00"
},
{
"status": "affected",
"version": "S1700 V200R006C10"
},
{
"status": "affected",
"version": "S2700 V200R006C10"
},
{
"status": "affected",
"version": "V200R007C00"
},
{
"status": "affected",
"version": "S5700 V200R006C00"
},
{
"status": "affected",
"version": "S6700 V200R008C00"
},
{
"status": "affected",
"version": "S7700 V200R007C00"
},
{
"status": "affected",
"version": "S9700 V200R007C00"
},
{
"status": "affected",
"version": "Secospace USG6300 V500R001C00"
},
{
"status": "affected",
"version": "Secospace USG6500 V500R001C00"
},
{
"status": "affected",
"version": "Secospace USG6600 V500R001C00"
},
{
"status": "affected",
"version": "V500R001C30S"
},
{
"status": "affected",
"version": "TE30 V100R001C02"
},
{
"status": "affected",
"version": "V100R001C10"
},
{
"status": "affected",
"version": "TE40 V500R002C00"
},
{
"status": "affected",
"version": "TE50 V500R002C00"
},
{
"status": "affected",
"version": "TE60 V100R001C01"
},
{
"status": "affected",
"version": "TP3106 V100R002C00"
},
{
"status": "affected",
"version": "TP3206 V100R002C00"
},
{
"status": "affected",
"version": "V100R002C10"
},
{
"status": "affected",
"version": "USG9500 V500R001C00"
},
{
"status": "affected",
"version": "ViewPoint 9030 V100R011C02"
},
{
"status": "affected",
"version": "V100R011C03"
}
]
}
],
"datePublic": "2017-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a heap overflow vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "heap overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-05T18:57:02",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-12-06T00:00:00",
"ID": "CVE-2017-17136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030",
"version": {
"version_data": [
{
"version_value": "DP300 V500R002C00"
},
{
"version_value": "IPS Module V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "NGFW Module V500R001C00"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "NIP6300 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "NIP6600 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "RP200 V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "S12700 V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S1700 V200R006C10"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S2700 V200R006C10"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S5700 V200R006C00"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S6700 V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S7700 V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S9700 V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "Secospace USG6300 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "Secospace USG6500 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "Secospace USG6600 V500R001C00"
},
{
"version_value": "V500R001C30S"
},
{
"version_value": "TE30 V100R001C02"
},
{
"version_value": "V100R001C10"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TE40 V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TE50 V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TE60 V100R001C01"
},
{
"version_value": "V100R001C10"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TP3106 V100R002C00"
},
{
"version_value": "TP3206 V100R002C00"
},
{
"version_value": "V100R002C10"
},
{
"version_value": "USG9500 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "ViewPoint 9030 V100R011C02"
},
{
"version_value": "V100R011C03"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a heap overflow vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "heap overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-17136",
"datePublished": "2018-03-05T19:00:00Z",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-09-16T16:49:17.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17135 (GCVE-0-2017-17135)
Vulnerability from nvd – Published: 2018-03-05 19:00 – Updated: 2024-09-17 00:31
VLAI?
Summary
PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a null pointer reference vulnerability due to insufficient verification. An authenticated local attacker calls PEM decoder with special parameter which could cause a denial of service.
Severity ?
No CVSS data available.
CWE
- null pointer reference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030 |
Affected:
DP300 V500R002C00
Affected: IPS Module V500R001C00 Affected: V500R001C30 Affected: NGFW Module V500R001C00 Affected: V500R002C00 Affected: NIP6300 V500R001C00 Affected: NIP6600 V500R001C00 Affected: RP200 V500R002C00 Affected: V600R006C00 Affected: S12700 V200R007C00 Affected: V200R007C01 Affected: V200R008C00 Affected: V200R009C00 Affected: V200R010C00 Affected: S1700 V200R006C10 Affected: S2700 V200R006C10 Affected: V200R007C00 Affected: S5700 V200R006C00 Affected: S6700 V200R008C00 Affected: S7700 V200R007C00 Affected: S9700 V200R007C00 Affected: Secospace USG6300 V500R001C00 Affected: Secospace USG6500 V500R001C00 Affected: Secospace USG6600 V500R001C00 Affected: V500R001C30S Affected: TE30 V100R001C02 Affected: V100R001C10 Affected: TE40 V500R002C00 Affected: TE50 V500R002C00 Affected: TE60 V100R001C01 Affected: TP3106 V100R002C00 Affected: TP3206 V100R002C00 Affected: V100R002C10 Affected: USG9500 V500R001C00 Affected: ViewPoint 9030 V100R011C02 Affected: V100R011C03 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "DP300 V500R002C00"
},
{
"status": "affected",
"version": "IPS Module V500R001C00"
},
{
"status": "affected",
"version": "V500R001C30"
},
{
"status": "affected",
"version": "NGFW Module V500R001C00"
},
{
"status": "affected",
"version": "V500R002C00"
},
{
"status": "affected",
"version": "NIP6300 V500R001C00"
},
{
"status": "affected",
"version": "NIP6600 V500R001C00"
},
{
"status": "affected",
"version": "RP200 V500R002C00"
},
{
"status": "affected",
"version": "V600R006C00"
},
{
"status": "affected",
"version": "S12700 V200R007C00"
},
{
"status": "affected",
"version": "V200R007C01"
},
{
"status": "affected",
"version": "V200R008C00"
},
{
"status": "affected",
"version": "V200R009C00"
},
{
"status": "affected",
"version": "V200R010C00"
},
{
"status": "affected",
"version": "S1700 V200R006C10"
},
{
"status": "affected",
"version": "S2700 V200R006C10"
},
{
"status": "affected",
"version": "V200R007C00"
},
{
"status": "affected",
"version": "S5700 V200R006C00"
},
{
"status": "affected",
"version": "S6700 V200R008C00"
},
{
"status": "affected",
"version": "S7700 V200R007C00"
},
{
"status": "affected",
"version": "S9700 V200R007C00"
},
{
"status": "affected",
"version": "Secospace USG6300 V500R001C00"
},
{
"status": "affected",
"version": "Secospace USG6500 V500R001C00"
},
{
"status": "affected",
"version": "Secospace USG6600 V500R001C00"
},
{
"status": "affected",
"version": "V500R001C30S"
},
{
"status": "affected",
"version": "TE30 V100R001C02"
},
{
"status": "affected",
"version": "V100R001C10"
},
{
"status": "affected",
"version": "TE40 V500R002C00"
},
{
"status": "affected",
"version": "TE50 V500R002C00"
},
{
"status": "affected",
"version": "TE60 V100R001C01"
},
{
"status": "affected",
"version": "TP3106 V100R002C00"
},
{
"status": "affected",
"version": "TP3206 V100R002C00"
},
{
"status": "affected",
"version": "V100R002C10"
},
{
"status": "affected",
"version": "USG9500 V500R001C00"
},
{
"status": "affected",
"version": "ViewPoint 9030 V100R011C02"
},
{
"status": "affected",
"version": "V100R011C03"
}
]
}
],
"datePublic": "2017-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a null pointer reference vulnerability due to insufficient verification. An authenticated local attacker calls PEM decoder with special parameter which could cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "null pointer reference",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-05T18:57:02",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-12-06T00:00:00",
"ID": "CVE-2017-17135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030",
"version": {
"version_data": [
{
"version_value": "DP300 V500R002C00"
},
{
"version_value": "IPS Module V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "NGFW Module V500R001C00"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "NIP6300 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "NIP6600 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "RP200 V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "S12700 V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S1700 V200R006C10"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S2700 V200R006C10"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S5700 V200R006C00"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S6700 V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S7700 V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S9700 V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "Secospace USG6300 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "Secospace USG6500 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "Secospace USG6600 V500R001C00"
},
{
"version_value": "V500R001C30S"
},
{
"version_value": "TE30 V100R001C02"
},
{
"version_value": "V100R001C10"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TE40 V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TE50 V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TE60 V100R001C01"
},
{
"version_value": "V100R001C10"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TP3106 V100R002C00"
},
{
"version_value": "TP3206 V100R002C00"
},
{
"version_value": "V100R002C10"
},
{
"version_value": "USG9500 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "ViewPoint 9030 V100R011C02"
},
{
"version_value": "V100R011C03"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a null pointer reference vulnerability due to insufficient verification. An authenticated local attacker calls PEM decoder with special parameter which could cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "null pointer reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-17135",
"datePublished": "2018-03-05T19:00:00Z",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-09-17T00:31:13.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17165 (GCVE-0-2017-17165)
Vulnerability from nvd – Published: 2018-02-15 16:00 – Updated: 2024-08-05 20:43
VLAI?
Summary
IPv6 function in Huawei Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00 has an out-of-bounds read vulnerability. An unauthenticated attacker may send crafted malformed IPv6 packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause device to reset.
Severity ?
No CVSS data available.
CWE
- out-of-bounds read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | Quidway S2700,Quidway S5300,Quidway S5700,S2300,S2700,S5300,S5700,S600-E,S6300,S6700 |
Affected:
Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-ipv6-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Quidway S2700,Quidway S5300,Quidway S5700,S2300,S2700,S5300,S5700,S600-E,S6300,S6700",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00"
}
]
}
],
"datePublic": "2017-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IPv6 function in Huawei Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00 has an out-of-bounds read vulnerability. An unauthenticated attacker may send crafted malformed IPv6 packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause device to reset."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "out-of-bounds read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-15T15:57:02",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-ipv6-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-17165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Quidway S2700,Quidway S5300,Quidway S5700,S2300,S2700,S5300,S5700,S600-E,S6300,S6700",
"version": {
"version_data": [
{
"version_value": "Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IPv6 function in Huawei Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00 has an out-of-bounds read vulnerability. An unauthenticated attacker may send crafted malformed IPv6 packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause device to reset."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-ipv6-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-ipv6-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-17165",
"datePublished": "2018-02-15T16:00:00",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-08-05T20:43:59.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5394 (GCVE-0-2014-5394)
Vulnerability from nvd – Published: 2018-01-08 19:00 – Updated: 2024-08-06 11:41
VLAI?
Summary
Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "69302",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69302"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/us/psirt/security-advisories/2014/hw-362701"
},
{
"name": "campusswitch-cve20145394-info-disc(97763)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97763"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-08T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "69302",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69302"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/us/psirt/security-advisories/2014/hw-362701"
},
{
"name": "campusswitch-cve20145394-info-disc(97763)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97763"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69302",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69302"
},
{
"name": "http://www.huawei.com/us/psirt/security-advisories/2014/hw-362701",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/us/psirt/security-advisories/2014/hw-362701"
},
{
"name": "campusswitch-cve20145394-info-disc(97763)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97763"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5394",
"datePublished": "2018-01-08T19:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2024-08-06T11:41:49.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37129 (GCVE-0-2021-37129)
Vulnerability from cvelistv5 – Published: 2021-10-27 00:41 – Updated: 2024-08-04 01:16
VLAI?
Summary
There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition.Affected product versions include:IPS Module V500R005C00,V500R005C20;NGFW Module V500R005C00;NIP6600 V500R005C00,V500R005C20;S12700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600,V200R013C00SPC500,V200R019C00SPC200,V200R019C00SPC500,V200R019C10SPC200,V200R020C00,V200R020C10;S1700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S2700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S5700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600,V200R019C00SPC500;S6700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S7700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600;S9700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;USG9500 V500R005C00,V500R005C20.
Severity ?
No CVSS data available.
CWE
- Out of Bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | IIPS Module;NGFW Module;NIP6600;S12700;S1700;S2700;S5700;S6700;S7700;S9700;USG9500 |
Affected:
V500R005C00,V500R005C20
Affected: V500R005C00 Affected: V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600,V200R013C00SPC500,V200R019C00SPC200,V200R019C00SPC500,V200R019C10SPC200,V200R020C00,V200R020C10 Affected: V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600 Affected: V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600,V200R019C00SPC500 Affected: V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:03.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-outofwrite-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IIPS Module;NGFW Module;NIP6600;S12700;S1700;S2700;S5700;S6700;S7700;S9700;USG9500",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V500R005C00,V500R005C20"
},
{
"status": "affected",
"version": "V500R005C00"
},
{
"status": "affected",
"version": "V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600,V200R013C00SPC500,V200R019C00SPC200,V200R019C00SPC500,V200R019C10SPC200,V200R020C00,V200R020C10"
},
{
"status": "affected",
"version": "V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600"
},
{
"status": "affected",
"version": "V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600,V200R019C00SPC500"
},
{
"status": "affected",
"version": "V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition.Affected product versions include:IPS Module V500R005C00,V500R005C20;NGFW Module V500R005C00;NIP6600 V500R005C00,V500R005C20;S12700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600,V200R013C00SPC500,V200R019C00SPC200,V200R019C00SPC500,V200R019C10SPC200,V200R020C00,V200R020C10;S1700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S2700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S5700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600,V200R019C00SPC500;S6700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S7700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600;S9700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;USG9500 V500R005C00,V500R005C20."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out of Bounds Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-27T00:41:44",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-outofwrite-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-37129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IIPS Module;NGFW Module;NIP6600;S12700;S1700;S2700;S5700;S6700;S7700;S9700;USG9500",
"version": {
"version_data": [
{
"version_value": "V500R005C00,V500R005C20"
},
{
"version_value": "V500R005C00"
},
{
"version_value": "V500R005C00,V500R005C20"
},
{
"version_value": "V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600,V200R013C00SPC500,V200R019C00SPC200,V200R019C00SPC500,V200R019C10SPC200,V200R020C00,V200R020C10"
},
{
"version_value": "V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600"
},
{
"version_value": "V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600"
},
{
"version_value": "V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600,V200R019C00SPC500"
},
{
"version_value": "V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600"
},
{
"version_value": "V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600"
},
{
"version_value": "V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600"
},
{
"version_value": "V500R005C00,V500R005C20"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition.Affected product versions include:IPS Module V500R005C00,V500R005C20;NGFW Module V500R005C00;NIP6600 V500R005C00,V500R005C20;S12700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600,V200R013C00SPC500,V200R019C00SPC200,V200R019C00SPC500,V200R019C10SPC200,V200R020C00,V200R020C10;S1700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S2700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S5700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600,V200R019C00SPC500;S6700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S7700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600;S9700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;USG9500 V500R005C00,V500R005C20."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out of Bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-outofwrite-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-outofwrite-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-37129",
"datePublished": "2021-10-27T00:41:44",
"dateReserved": "2021-07-20T00:00:00",
"dateUpdated": "2024-08-04T01:16:03.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22329 (GCVE-0-2021-22329)
Vulnerability from cvelistv5 – Published: 2021-06-29 19:05 – Updated: 2024-08-03 18:37
VLAI?
Summary
There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect integrity of the device. Affected product versions include:S12700 V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S1700 V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S2700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S5700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100;S6700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100;S7700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S9700 V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10.
Severity ?
No CVSS data available.
CWE
- Improper Licenses Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | S12700;S1700;S2700;S5700;S6700;S7700;S9700 |
Affected:
V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10
Affected: V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10 Affected: V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10 Affected: V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-resourcemanagement-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "S12700;S1700;S2700;S5700;S6700;S7700;S9700",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"status": "affected",
"version": "V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"status": "affected",
"version": "V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"status": "affected",
"version": "V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect integrity of the device. Affected product versions include:S12700 V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S1700 V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S2700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S5700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100;S6700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100;S7700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S9700 V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Licenses Management",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T19:05:31",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-resourcemanagement-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "S12700;S1700;S2700;S5700;S6700;S7700;S9700",
"version": {
"version_data": [
{
"version_value": "V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"version_value": "V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"version_value": "V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"version_value": "V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100"
},
{
"version_value": "V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100"
},
{
"version_value": "V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"version_value": "V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect integrity of the device. Affected product versions include:S12700 V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S1700 V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S2700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S5700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100;S6700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100;S7700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S9700 V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Licenses Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-resourcemanagement-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-resourcemanagement-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-22329",
"datePublished": "2021-06-29T19:05:31",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:37:18.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22377 (GCVE-0-2021-22377)
Vulnerability from cvelistv5 – Published: 2021-06-22 18:10 – Updated: 2024-08-03 18:44
VLAI?
Summary
There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject command. This can compromise normal service.
Severity ?
No CVSS data available.
CWE
- Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | S12700;S2700;S5700;S6700;S7700 |
Affected:
V200R019C00SPC500
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:12.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210602-01-cmdinj-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "S12700;S2700;S5700;S6700;S7700",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V200R019C00SPC500"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject command. This can compromise normal service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-22T18:10:10",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210602-01-cmdinj-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "S12700;S2700;S5700;S6700;S7700",
"version": {
"version_data": [
{
"version_value": "V200R019C00SPC500"
},
{
"version_value": "V200R019C00SPC500"
},
{
"version_value": "V200R019C00SPC500"
},
{
"version_value": "V200R019C00SPC500"
},
{
"version_value": "V200R019C00SPC500"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject command. This can compromise normal service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210602-01-cmdinj-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210602-01-cmdinj-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-22377",
"datePublished": "2021-06-22T18:10:10",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:44:12.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22321 (GCVE-0-2021-22321)
Vulnerability from cvelistv5 – Published: 2021-03-22 19:03 – Updated: 2024-08-03 18:37
VLAI?
Summary
There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include some versions of NIP6300, NIP6600, NIP6800, S1700, S2700, S5700, S6700 , S7700, S9700, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.
Severity ?
No CVSS data available.
CWE
- Use After Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | NIP6600;NIP6800;S12700;S1700;S2700;S5700;S6700;S7700;S9700;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500 |
Affected:
V500R001C30,V500R001C60
Affected: V500R001C30 Affected: V500R001C60 Affected: V200R007C01,V200R007C01B102,V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10 Affected: V200R009C00SPC200,V200R009C00SPC500,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10 Affected: V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10 Affected: V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-01-uaf-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NIP6600;NIP6800;S12700;S1700;S2700;S5700;S6700;S7700;S9700;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V500R001C30,V500R001C60"
},
{
"status": "affected",
"version": "V500R001C30"
},
{
"status": "affected",
"version": "V500R001C60"
},
{
"status": "affected",
"version": "V200R007C01,V200R007C01B102,V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"status": "affected",
"version": "V200R009C00SPC200,V200R009C00SPC500,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"status": "affected",
"version": "V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"status": "affected",
"version": "V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include some versions of NIP6300, NIP6600, NIP6800, S1700, S2700, S5700, S6700 , S7700, S9700, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use After Free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-22T19:03:52",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-01-uaf-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NIP6600;NIP6800;S12700;S1700;S2700;S5700;S6700;S7700;S9700;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500",
"version": {
"version_data": [
{
"version_value": "V500R001C30,V500R001C60"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "V500R001C60"
},
{
"version_value": "V200R007C01,V200R007C01B102,V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"version_value": "V200R009C00SPC200,V200R009C00SPC500,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"version_value": "V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"version_value": "V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100"
},
{
"version_value": "V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100"
},
{
"version_value": "V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"version_value": "V200R007C01,V200R007C01B102,V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
},
{
"version_value": "V500R001C30,V500R001C60"
},
{
"version_value": "V500R001C30,V500R001C60"
},
{
"version_value": "V500R001C30,V500R001C60"
},
{
"version_value": "V500R001C30,V500R001C60"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include some versions of NIP6300, NIP6600, NIP6800, S1700, S2700, S5700, S6700 , S7700, S9700, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-01-uaf-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-01-uaf-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-22321",
"datePublished": "2021-03-22T19:03:52",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:37:18.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1866 (GCVE-0-2020-1866)
Vulnerability from cvelistv5 – Published: 2021-01-13 22:22 – Updated: 2024-08-04 06:53
VLAI?
Summary
There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions V500R001C30,V500R001C60SPC500,V500R005C00;S12700 versions V200R008C00;S2700 versions V200R008C00;S5700 versions V200R008C00;S6700 versions V200R008C00;S7700 versions V200R008C00;S9700 versions V200R008C00;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00;USG9500 versions V500R001C30SPC300,V500R001C30SPC600,V500R001C60SPC500,V500R005C00.
Severity ?
No CVSS data available.
CWE
- Out of Bounds Read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | NIP6800;S12700;S2700;S5700;S6700;S7700;S9700;Secospace USG6600;USG9500 |
Affected:
V500R001C30,V500R001C60SPC500,V500R005C00
Affected: V200R008C00 Affected: V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00 Affected: V500R001C30SPC300,V500R001C30SPC600,V500R001C60SPC500,V500R005C00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:53:59.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-09-eudemon-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NIP6800;S12700;S2700;S5700;S6700;S7700;S9700;Secospace USG6600;USG9500",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V500R001C30,V500R001C60SPC500,V500R005C00"
},
{
"status": "affected",
"version": "V200R008C00"
},
{
"status": "affected",
"version": "V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00"
},
{
"status": "affected",
"version": "V500R001C30SPC300,V500R001C30SPC600,V500R001C60SPC500,V500R005C00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions V500R001C30,V500R001C60SPC500,V500R005C00;S12700 versions V200R008C00;S2700 versions V200R008C00;S5700 versions V200R008C00;S6700 versions V200R008C00;S7700 versions V200R008C00;S9700 versions V200R008C00;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00;USG9500 versions V500R001C30SPC300,V500R001C30SPC600,V500R001C60SPC500,V500R005C00."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out of Bounds Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T22:22:04",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-09-eudemon-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-1866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NIP6800;S12700;S2700;S5700;S6700;S7700;S9700;Secospace USG6600;USG9500",
"version": {
"version_data": [
{
"version_value": "V500R001C30,V500R001C60SPC500,V500R005C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00"
},
{
"version_value": "V500R001C30SPC300,V500R001C30SPC600,V500R001C60SPC500,V500R005C00"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions V500R001C30,V500R001C60SPC500,V500R005C00;S12700 versions V200R008C00;S2700 versions V200R008C00;S5700 versions V200R008C00;S6700 versions V200R008C00;S7700 versions V200R008C00;S9700 versions V200R008C00;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00;USG9500 versions V500R001C30SPC300,V500R001C30SPC600,V500R001C60SPC500,V500R005C00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out of Bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-09-eudemon-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-09-eudemon-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-1866",
"datePublished": "2021-01-13T22:22:04",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-08-04T06:53:59.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19397 (GCVE-0-2019-19397)
Vulnerability from cvelistv5 – Published: 2019-12-13 14:19 – Updated: 2024-08-05 02:16
VLAI?
Summary
There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks.
Severity ?
No CVSS data available.
CWE
- Weak Algorithm
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | S12700;S1700;S2700;S5700;S6700;S7700;S9700 |
Affected:
V200R007C00
Affected: V200R007C01 Affected: V200R007C20 Affected: V200R008C00 Affected: V200R010C00 Affected: V200R011C10 Affected: V200R012C00 Affected: V200R006C10 Affected: V200R012C20 Affected: V200R006C00 Affected: V200R011C00 Affected: V200R005C00 Affected: V200R005C02 Affected: V200R005C03 Affected: V200R005C01 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-vrp-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "S12700;S1700;S2700;S5700;S6700;S7700;S9700",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V200R007C00"
},
{
"status": "affected",
"version": "V200R007C01"
},
{
"status": "affected",
"version": "V200R007C20"
},
{
"status": "affected",
"version": "V200R008C00"
},
{
"status": "affected",
"version": "V200R010C00"
},
{
"status": "affected",
"version": "V200R011C10"
},
{
"status": "affected",
"version": "V200R012C00"
},
{
"status": "affected",
"version": "V200R006C10"
},
{
"status": "affected",
"version": "V200R012C20"
},
{
"status": "affected",
"version": "V200R006C00"
},
{
"status": "affected",
"version": "V200R011C00"
},
{
"status": "affected",
"version": "V200R005C00"
},
{
"status": "affected",
"version": "V200R005C02"
},
{
"status": "affected",
"version": "V200R005C03"
},
{
"status": "affected",
"version": "V200R005C01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Weak Algorithm",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-13T14:19:12",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-vrp-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-19397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "S12700;S1700;S2700;S5700;S6700;S7700;S9700",
"version": {
"version_data": [
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R007C20"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "V200R011C10"
},
{
"version_value": "V200R012C00"
},
{
"version_value": "V200R006C10"
},
{
"version_value": "V200R012C20"
},
{
"version_value": "V200R006C00"
},
{
"version_value": "V200R011C00"
},
{
"version_value": "V200R005C00"
},
{
"version_value": "V200R005C02"
},
{
"version_value": "V200R005C03"
},
{
"version_value": "V200R005C01"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Weak Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-vrp-en",
"refsource": "MISC",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-vrp-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-19397",
"datePublished": "2019-12-13T14:19:12",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-08-05T02:16:47.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5285 (GCVE-0-2019-5285)
Vulnerability from cvelistv5 – Published: 2019-06-04 18:47 – Updated: 2024-08-04 19:54
VLAI?
Summary
Some Huawei S series switches have a DoS vulnerability. An unauthenticated remote attacker can send crafted packets to the affected device to exploit this vulnerability. Due to insufficient verification of the packets, successful exploitation may cause the device reboot and denial of service (DoS) condition. (Vulnerability ID: HWPSIRT-2019-03109)
Severity ?
No CVSS data available.
CWE
- DoS
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei | S12700, S12700, S12700, S12700, S12700, S12700, S12700, S12700, S1700, S1700, S1700, S1700, S1700, S1700, S2300, S2300, S2300, S2300, S2300, S2300, S2300, S2700, S2700, S2700, S2700, S2700, S2700, S2700, S2700, S5300, S5300, S5300, S5300, S5300, S5300, S5300, S5700, S5700, S5700, S5700, S5700, S5700, S5700, S5700, S5700, S600-E, S600-E, S600-E, S600-E, S600-E, S6300, S6300, S6300, S6300, S6300, S6300, S6300, S6300, S6700, S6700, S6700, S6700, S6700, S6700, S6700, S6700, S7700, S7700, S7700, S7700, S7700, S7700, S7700, S7700, S7700, S7900, S7900, S7900, S9300, S9300, S9300, S9300, S9300, S9300, S9300, S9300X, S9300X, S9300X, S9300X, S9700, S9700, S9700, S9700, S9700, S9700, S9700, S9700, S9700 |
Affected:
S12700 V200R008C00
Affected: S12700 V200R010C00 Affected: S12700 V200R012C00 Affected: S12700 V200R013C00 Affected: S12700 V200R011C10 Affected: S1700 V200R008C00 Affected: S1700 V200R009C00 Affected: S1700 V200R010C00 Affected: S1700 V200R011C10 Affected: S2300 V200R003C00 Affected: S2300 V200R005C00 Affected: S2300 V200R008C00 Affected: S2300 V200R010C00 Affected: S2300 V200R011C10 Affected: S2300 V200R012C00 Affected: S2300 V200R013C00 Affected: S2700 V200R005C00 Affected: S2700 V200R006C00 Affected: S2700 V200R007C00 Affected: S2700 V200R008C00 Affected: S2700 V200R010C00 Affected: S2700 V200R011C10 Affected: S2700 V200R012C00 Affected: S2700 V200R013C00 Affected: S5300 V200R003C00 Affected: S5300 V200R005C00 Affected: S5300 V200R008C00 Affected: S5300 V200R010C00 Affected: S5300 V200R011C10 Affected: S5300 V200R012C00 Affected: S5700 V200R006C00 Affected: S5700 V200R007C00 Affected: S5700 V200R008C00 Affected: S5700 V200R010C00 Affected: S5700 V200R011C10 Affected: S5700 V200R012C00 Affected: S5700 V200R013C00 Affected: S600-E V200R008C00 Affected: S600-E V200R010C00 Affected: S600-E V200R011C10 Affected: S600-E V200R012C00 Affected: S600-E V200R013C00 Affected: S6300 V200R003C00 Affected: S6300 V200R005C00 Affected: S6300 V200R007C00 Affected: S6300 V200R008C00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:52.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190522-01-switch-en"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190522-01-switch-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "S12700, S12700, S12700, S12700, S12700, S12700, S12700, S12700, S1700, S1700, S1700, S1700, S1700, S1700, S2300, S2300, S2300, S2300, S2300, S2300, S2300, S2700, S2700, S2700, S2700, S2700, S2700, S2700, S2700, S5300, S5300, S5300, S5300, S5300, S5300, S5300, S5700, S5700, S5700, S5700, S5700, S5700, S5700, S5700, S5700, S600-E, S600-E, S600-E, S600-E, S600-E, S6300, S6300, S6300, S6300, S6300, S6300, S6300, S6300, S6700, S6700, S6700, S6700, S6700, S6700, S6700, S6700, S7700, S7700, S7700, S7700, S7700, S7700, S7700, S7700, S7700, S7900, S7900, S7900, S9300, S9300, S9300, S9300, S9300, S9300, S9300, S9300X, S9300X, S9300X, S9300X, S9700, S9700, S9700, S9700, S9700, S9700, S9700, S9700, S9700",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "S12700 V200R008C00"
},
{
"status": "affected",
"version": "S12700 V200R010C00"
},
{
"status": "affected",
"version": "S12700 V200R012C00"
},
{
"status": "affected",
"version": "S12700 V200R013C00"
},
{
"status": "affected",
"version": "S12700 V200R011C10"
},
{
"status": "affected",
"version": "S1700 V200R008C00"
},
{
"status": "affected",
"version": "S1700 V200R009C00"
},
{
"status": "affected",
"version": "S1700 V200R010C00"
},
{
"status": "affected",
"version": "S1700 V200R011C10"
},
{
"status": "affected",
"version": "S2300 V200R003C00"
},
{
"status": "affected",
"version": "S2300 V200R005C00"
},
{
"status": "affected",
"version": "S2300 V200R008C00"
},
{
"status": "affected",
"version": "S2300 V200R010C00"
},
{
"status": "affected",
"version": "S2300 V200R011C10"
},
{
"status": "affected",
"version": "S2300 V200R012C00"
},
{
"status": "affected",
"version": "S2300 V200R013C00"
},
{
"status": "affected",
"version": "S2700 V200R005C00"
},
{
"status": "affected",
"version": "S2700 V200R006C00"
},
{
"status": "affected",
"version": "S2700 V200R007C00"
},
{
"status": "affected",
"version": "S2700 V200R008C00"
},
{
"status": "affected",
"version": "S2700 V200R010C00"
},
{
"status": "affected",
"version": "S2700 V200R011C10"
},
{
"status": "affected",
"version": "S2700 V200R012C00"
},
{
"status": "affected",
"version": "S2700 V200R013C00"
},
{
"status": "affected",
"version": "S5300 V200R003C00"
},
{
"status": "affected",
"version": "S5300 V200R005C00"
},
{
"status": "affected",
"version": "S5300 V200R008C00"
},
{
"status": "affected",
"version": "S5300 V200R010C00"
},
{
"status": "affected",
"version": "S5300 V200R011C10"
},
{
"status": "affected",
"version": "S5300 V200R012C00"
},
{
"status": "affected",
"version": "S5700 V200R006C00"
},
{
"status": "affected",
"version": "S5700 V200R007C00"
},
{
"status": "affected",
"version": "S5700 V200R008C00"
},
{
"status": "affected",
"version": "S5700 V200R010C00"
},
{
"status": "affected",
"version": "S5700 V200R011C10"
},
{
"status": "affected",
"version": "S5700 V200R012C00"
},
{
"status": "affected",
"version": "S5700 V200R013C00"
},
{
"status": "affected",
"version": "S600-E V200R008C00"
},
{
"status": "affected",
"version": "S600-E V200R010C00"
},
{
"status": "affected",
"version": "S600-E V200R011C10"
},
{
"status": "affected",
"version": "S600-E V200R012C00"
},
{
"status": "affected",
"version": "S600-E V200R013C00"
},
{
"status": "affected",
"version": "S6300 V200R003C00"
},
{
"status": "affected",
"version": "S6300 V200R005C00"
},
{
"status": "affected",
"version": "S6300 V200R007C00"
},
{
"status": "affected",
"version": "S6300 V200R008C00"
}
]
}
],
"datePublic": "2019-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Some Huawei S series switches have a DoS vulnerability. An unauthenticated remote attacker can send crafted packets to the affected device to exploit this vulnerability. Due to insufficient verification of the packets, successful exploitation may cause the device reboot and denial of service (DoS) condition. (Vulnerability ID: HWPSIRT-2019-03109)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-26T10:06:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190522-01-switch-en"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190522-01-switch-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "S12700, S12700, S12700, S12700, S12700, S12700, S12700, S12700, S1700, S1700, S1700, S1700, S1700, S1700, S2300, S2300, S2300, S2300, S2300, S2300, S2300, S2700, S2700, S2700, S2700, S2700, S2700, S2700, S2700, S5300, S5300, S5300, S5300, S5300, S5300, S5300, S5700, S5700, S5700, S5700, S5700, S5700, S5700, S5700, S5700, S600-E, S600-E, S600-E, S600-E, S600-E, S6300, S6300, S6300, S6300, S6300, S6300, S6300, S6300, S6700, S6700, S6700, S6700, S6700, S6700, S6700, S6700, S7700, S7700, S7700, S7700, S7700, S7700, S7700, S7700, S7700, S7900, S7900, S7900, S9300, S9300, S9300, S9300, S9300, S9300, S9300, S9300X, S9300X, S9300X, S9300X, S9700, S9700, S9700, S9700, S9700, S9700, S9700, S9700, S9700",
"version": {
"version_data": [
{
"version_value": "S12700 V200R008C00"
},
{
"version_value": "S12700 V200R010C00"
},
{
"version_value": "S12700 V200R012C00"
},
{
"version_value": "S12700 V200R013C00"
},
{
"version_value": "S12700 V200R011C10"
},
{
"version_value": "S1700 V200R008C00"
},
{
"version_value": "S1700 V200R009C00"
},
{
"version_value": "S1700 V200R010C00"
},
{
"version_value": "S1700 V200R011C10"
},
{
"version_value": "S2300 V200R003C00"
},
{
"version_value": "S2300 V200R005C00"
},
{
"version_value": "S2300 V200R008C00"
},
{
"version_value": "S2300 V200R010C00"
},
{
"version_value": "S2300 V200R011C10"
},
{
"version_value": "S2300 V200R012C00"
},
{
"version_value": "S2300 V200R013C00"
},
{
"version_value": "S2700 V200R005C00"
},
{
"version_value": "S2700 V200R006C00"
},
{
"version_value": "S2700 V200R007C00"
},
{
"version_value": "S2700 V200R008C00"
},
{
"version_value": "S2700 V200R010C00"
},
{
"version_value": "S2700 V200R011C10"
},
{
"version_value": "S2700 V200R012C00"
},
{
"version_value": "S2700 V200R013C00"
},
{
"version_value": "S5300 V200R003C00"
},
{
"version_value": "S5300 V200R005C00"
},
{
"version_value": "S5300 V200R008C00"
},
{
"version_value": "S5300 V200R010C00"
},
{
"version_value": "S5300 V200R011C10"
},
{
"version_value": "S5300 V200R012C00"
},
{
"version_value": "S5700 V200R006C00"
},
{
"version_value": "S5700 V200R007C00"
},
{
"version_value": "S5700 V200R008C00"
},
{
"version_value": "S5700 V200R010C00"
},
{
"version_value": "S5700 V200R011C10"
},
{
"version_value": "S5700 V200R012C00"
},
{
"version_value": "S5700 V200R013C00"
},
{
"version_value": "S600-E V200R008C00"
},
{
"version_value": "S600-E V200R010C00"
},
{
"version_value": "S600-E V200R011C10"
},
{
"version_value": "S600-E V200R012C00"
},
{
"version_value": "S600-E V200R013C00"
},
{
"version_value": "S6300 V200R003C00"
},
{
"version_value": "S6300 V200R005C00"
},
{
"version_value": "S6300 V200R007C00"
},
{
"version_value": "S6300 V200R008C00"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Huawei S series switches have a DoS vulnerability. An unauthenticated remote attacker can send crafted packets to the affected device to exploit this vulnerability. Due to insufficient verification of the packets, successful exploitation may cause the device reboot and denial of service (DoS) condition. (Vulnerability ID: HWPSIRT-2019-03109)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190522-01-switch-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190522-01-switch-en"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190522-01-switch-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190522-01-switch-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5285",
"datePublished": "2019-06-04T18:47:35",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:52.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17250 (GCVE-0-2017-17250)
Vulnerability from cvelistv5 – Published: 2018-03-09 17:00 – Updated: 2024-08-05 20:43
VLAI?
Summary
Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; AR150 V200R005C32; AR150-S V200R005C32; AR160 V200R005C32; AR200 V200R005C32; AR200-S V200R005C32; AR2200-S V200R005C32; AR3200 V200R005C32; V200R007C00; AR510 V200R005C32; NetEngine16EX V200R005C32; SRG1300 V200R005C32; SRG2300 V200R005C32; SRG3300 V200R005C32 have an out-of-bounds write vulnerability. When a user executes a query command after the device received an abnormal OSPF message, the software writes data past the end of the intended buffer due to the insufficient verification of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending abnormal OSPF messages to the device. A successful exploit could cause the system to crash.
Severity ?
No CVSS data available.
CWE
- out-of-bounds write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | AR120-S; AR1200; AR1200-S; AR150; AR150-S; AR160; AR200; AR200-S; AR2200-S; AR3200; AR510; NetEngine16EX; SRG1300; SRG2300; SRG3300 |
Affected:
AR120-S V200R005C32
Affected: AR1200 V200R005C32 Affected: AR1200-S V200R005C32 Affected: AR150 V200R005C32 Affected: AR150-S V200R005C32 Affected: AR160 V200R005C32 Affected: AR200 V200R005C32 Affected: AR200-S V200R005C32 Affected: AR2200-S V200R005C32 Affected: AR3200 V200R005C32 Affected: V200R007C00 Affected: AR510 V200R005C32 Affected: NetEngine16EX V200R005C32 Affected: SRG1300 V200R005C32 Affected: SRG2300 V200R005C32 Affected: SRG3300 V200R005C32 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180214-01-ospf-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AR120-S; AR1200; AR1200-S; AR150; AR150-S; AR160; AR200; AR200-S; AR2200-S; AR3200; AR510; NetEngine16EX; SRG1300; SRG2300; SRG3300",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "AR120-S V200R005C32"
},
{
"status": "affected",
"version": "AR1200 V200R005C32"
},
{
"status": "affected",
"version": "AR1200-S V200R005C32"
},
{
"status": "affected",
"version": "AR150 V200R005C32"
},
{
"status": "affected",
"version": "AR150-S V200R005C32"
},
{
"status": "affected",
"version": "AR160 V200R005C32"
},
{
"status": "affected",
"version": "AR200 V200R005C32"
},
{
"status": "affected",
"version": "AR200-S V200R005C32"
},
{
"status": "affected",
"version": "AR2200-S V200R005C32"
},
{
"status": "affected",
"version": "AR3200 V200R005C32"
},
{
"status": "affected",
"version": "V200R007C00"
},
{
"status": "affected",
"version": "AR510 V200R005C32"
},
{
"status": "affected",
"version": "NetEngine16EX V200R005C32"
},
{
"status": "affected",
"version": "SRG1300 V200R005C32"
},
{
"status": "affected",
"version": "SRG2300 V200R005C32"
},
{
"status": "affected",
"version": "SRG3300 V200R005C32"
}
]
}
],
"datePublic": "2018-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; AR150 V200R005C32; AR150-S V200R005C32; AR160 V200R005C32; AR200 V200R005C32; AR200-S V200R005C32; AR2200-S V200R005C32; AR3200 V200R005C32; V200R007C00; AR510 V200R005C32; NetEngine16EX V200R005C32; SRG1300 V200R005C32; SRG2300 V200R005C32; SRG3300 V200R005C32 have an out-of-bounds write vulnerability. When a user executes a query command after the device received an abnormal OSPF message, the software writes data past the end of the intended buffer due to the insufficient verification of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending abnormal OSPF messages to the device. A successful exploit could cause the system to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "out-of-bounds write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-09T16:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180214-01-ospf-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-17250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AR120-S; AR1200; AR1200-S; AR150; AR150-S; AR160; AR200; AR200-S; AR2200-S; AR3200; AR510; NetEngine16EX; SRG1300; SRG2300; SRG3300",
"version": {
"version_data": [
{
"version_value": "AR120-S V200R005C32"
},
{
"version_value": "AR1200 V200R005C32"
},
{
"version_value": "AR1200-S V200R005C32"
},
{
"version_value": "AR150 V200R005C32"
},
{
"version_value": "AR150-S V200R005C32"
},
{
"version_value": "AR160 V200R005C32"
},
{
"version_value": "AR200 V200R005C32"
},
{
"version_value": "AR200-S V200R005C32"
},
{
"version_value": "AR2200-S V200R005C32"
},
{
"version_value": "AR3200 V200R005C32"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "AR510 V200R005C32"
},
{
"version_value": "NetEngine16EX V200R005C32"
},
{
"version_value": "SRG1300 V200R005C32"
},
{
"version_value": "SRG2300 V200R005C32"
},
{
"version_value": "SRG3300 V200R005C32"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; AR150 V200R005C32; AR150-S V200R005C32; AR160 V200R005C32; AR200 V200R005C32; AR200-S V200R005C32; AR2200-S V200R005C32; AR3200 V200R005C32; V200R007C00; AR510 V200R005C32; NetEngine16EX V200R005C32; SRG1300 V200R005C32; SRG2300 V200R005C32; SRG3300 V200R005C32 have an out-of-bounds write vulnerability. When a user executes a query command after the device received an abnormal OSPF message, the software writes data past the end of the intended buffer due to the insufficient verification of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending abnormal OSPF messages to the device. A successful exploit could cause the system to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out-of-bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180214-01-ospf-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180214-01-ospf-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-17250",
"datePublished": "2018-03-09T17:00:00",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-08-05T20:43:59.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17135 (GCVE-0-2017-17135)
Vulnerability from cvelistv5 – Published: 2018-03-05 19:00 – Updated: 2024-09-17 00:31
VLAI?
Summary
PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a null pointer reference vulnerability due to insufficient verification. An authenticated local attacker calls PEM decoder with special parameter which could cause a denial of service.
Severity ?
No CVSS data available.
CWE
- null pointer reference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030 |
Affected:
DP300 V500R002C00
Affected: IPS Module V500R001C00 Affected: V500R001C30 Affected: NGFW Module V500R001C00 Affected: V500R002C00 Affected: NIP6300 V500R001C00 Affected: NIP6600 V500R001C00 Affected: RP200 V500R002C00 Affected: V600R006C00 Affected: S12700 V200R007C00 Affected: V200R007C01 Affected: V200R008C00 Affected: V200R009C00 Affected: V200R010C00 Affected: S1700 V200R006C10 Affected: S2700 V200R006C10 Affected: V200R007C00 Affected: S5700 V200R006C00 Affected: S6700 V200R008C00 Affected: S7700 V200R007C00 Affected: S9700 V200R007C00 Affected: Secospace USG6300 V500R001C00 Affected: Secospace USG6500 V500R001C00 Affected: Secospace USG6600 V500R001C00 Affected: V500R001C30S Affected: TE30 V100R001C02 Affected: V100R001C10 Affected: TE40 V500R002C00 Affected: TE50 V500R002C00 Affected: TE60 V100R001C01 Affected: TP3106 V100R002C00 Affected: TP3206 V100R002C00 Affected: V100R002C10 Affected: USG9500 V500R001C00 Affected: ViewPoint 9030 V100R011C02 Affected: V100R011C03 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "DP300 V500R002C00"
},
{
"status": "affected",
"version": "IPS Module V500R001C00"
},
{
"status": "affected",
"version": "V500R001C30"
},
{
"status": "affected",
"version": "NGFW Module V500R001C00"
},
{
"status": "affected",
"version": "V500R002C00"
},
{
"status": "affected",
"version": "NIP6300 V500R001C00"
},
{
"status": "affected",
"version": "NIP6600 V500R001C00"
},
{
"status": "affected",
"version": "RP200 V500R002C00"
},
{
"status": "affected",
"version": "V600R006C00"
},
{
"status": "affected",
"version": "S12700 V200R007C00"
},
{
"status": "affected",
"version": "V200R007C01"
},
{
"status": "affected",
"version": "V200R008C00"
},
{
"status": "affected",
"version": "V200R009C00"
},
{
"status": "affected",
"version": "V200R010C00"
},
{
"status": "affected",
"version": "S1700 V200R006C10"
},
{
"status": "affected",
"version": "S2700 V200R006C10"
},
{
"status": "affected",
"version": "V200R007C00"
},
{
"status": "affected",
"version": "S5700 V200R006C00"
},
{
"status": "affected",
"version": "S6700 V200R008C00"
},
{
"status": "affected",
"version": "S7700 V200R007C00"
},
{
"status": "affected",
"version": "S9700 V200R007C00"
},
{
"status": "affected",
"version": "Secospace USG6300 V500R001C00"
},
{
"status": "affected",
"version": "Secospace USG6500 V500R001C00"
},
{
"status": "affected",
"version": "Secospace USG6600 V500R001C00"
},
{
"status": "affected",
"version": "V500R001C30S"
},
{
"status": "affected",
"version": "TE30 V100R001C02"
},
{
"status": "affected",
"version": "V100R001C10"
},
{
"status": "affected",
"version": "TE40 V500R002C00"
},
{
"status": "affected",
"version": "TE50 V500R002C00"
},
{
"status": "affected",
"version": "TE60 V100R001C01"
},
{
"status": "affected",
"version": "TP3106 V100R002C00"
},
{
"status": "affected",
"version": "TP3206 V100R002C00"
},
{
"status": "affected",
"version": "V100R002C10"
},
{
"status": "affected",
"version": "USG9500 V500R001C00"
},
{
"status": "affected",
"version": "ViewPoint 9030 V100R011C02"
},
{
"status": "affected",
"version": "V100R011C03"
}
]
}
],
"datePublic": "2017-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a null pointer reference vulnerability due to insufficient verification. An authenticated local attacker calls PEM decoder with special parameter which could cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "null pointer reference",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-05T18:57:02",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-12-06T00:00:00",
"ID": "CVE-2017-17135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030",
"version": {
"version_data": [
{
"version_value": "DP300 V500R002C00"
},
{
"version_value": "IPS Module V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "NGFW Module V500R001C00"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "NIP6300 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "NIP6600 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "RP200 V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "S12700 V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S1700 V200R006C10"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S2700 V200R006C10"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S5700 V200R006C00"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S6700 V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S7700 V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S9700 V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "Secospace USG6300 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "Secospace USG6500 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "Secospace USG6600 V500R001C00"
},
{
"version_value": "V500R001C30S"
},
{
"version_value": "TE30 V100R001C02"
},
{
"version_value": "V100R001C10"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TE40 V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TE50 V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TE60 V100R001C01"
},
{
"version_value": "V100R001C10"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TP3106 V100R002C00"
},
{
"version_value": "TP3206 V100R002C00"
},
{
"version_value": "V100R002C10"
},
{
"version_value": "USG9500 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "ViewPoint 9030 V100R011C02"
},
{
"version_value": "V100R011C03"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a null pointer reference vulnerability due to insufficient verification. An authenticated local attacker calls PEM decoder with special parameter which could cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "null pointer reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-17135",
"datePublished": "2018-03-05T19:00:00Z",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-09-17T00:31:13.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17138 (GCVE-0-2017-17138)
Vulnerability from cvelistv5 – Published: 2018-03-05 19:00 – Updated: 2024-09-17 03:44
VLAI?
Summary
PEM module of DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a DoS vulnerability in PEM module of Huawei products due to insufficient verification. An authenticated local attacker can make processing into deadloop by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service.
Severity ?
No CVSS data available.
CWE
- DoS
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030 |
Affected:
DP300 V500R002C00
Affected: IPS Module V500R001C00 Affected: V500R001C30 Affected: NGFW Module V500R001C00 Affected: V500R002C00 Affected: NIP6300 V500R001C00 Affected: NIP6600 V500R001C00 Affected: RP200 V500R002C00 Affected: V600R006C00 Affected: S12700 V200R007C00 Affected: V200R007C01 Affected: V200R008C00 Affected: V200R009C00 Affected: V200R010C00 Affected: S1700 V200R006C10 Affected: S2700 V200R006C10 Affected: V200R007C00 Affected: S5700 V200R006C00 Affected: S6700 V200R008C00 Affected: S7700 V200R007C00 Affected: S9700 V200R007C00 Affected: Secospace USG6300 V500R001C00 Affected: Secospace USG6500 V500R001C00 Affected: Secospace USG6600 V500R001C00 Affected: V500R001C30S Affected: TE30 V100R001C02 Affected: V100R001C10 Affected: TE40 V500R002C00 Affected: TE50 V500R002C00 Affected: TE60 V100R001C01 Affected: TP3106 V100R002C00 Affected: TP3206 V100R002C00 Affected: V100R002C10 Affected: USG9500 V500R001C00 Affected: ViewPoint 9030 V100R011C02 Affected: V100R011C03 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "DP300 V500R002C00"
},
{
"status": "affected",
"version": "IPS Module V500R001C00"
},
{
"status": "affected",
"version": "V500R001C30"
},
{
"status": "affected",
"version": "NGFW Module V500R001C00"
},
{
"status": "affected",
"version": "V500R002C00"
},
{
"status": "affected",
"version": "NIP6300 V500R001C00"
},
{
"status": "affected",
"version": "NIP6600 V500R001C00"
},
{
"status": "affected",
"version": "RP200 V500R002C00"
},
{
"status": "affected",
"version": "V600R006C00"
},
{
"status": "affected",
"version": "S12700 V200R007C00"
},
{
"status": "affected",
"version": "V200R007C01"
},
{
"status": "affected",
"version": "V200R008C00"
},
{
"status": "affected",
"version": "V200R009C00"
},
{
"status": "affected",
"version": "V200R010C00"
},
{
"status": "affected",
"version": "S1700 V200R006C10"
},
{
"status": "affected",
"version": "S2700 V200R006C10"
},
{
"status": "affected",
"version": "V200R007C00"
},
{
"status": "affected",
"version": "S5700 V200R006C00"
},
{
"status": "affected",
"version": "S6700 V200R008C00"
},
{
"status": "affected",
"version": "S7700 V200R007C00"
},
{
"status": "affected",
"version": "S9700 V200R007C00"
},
{
"status": "affected",
"version": "Secospace USG6300 V500R001C00"
},
{
"status": "affected",
"version": "Secospace USG6500 V500R001C00"
},
{
"status": "affected",
"version": "Secospace USG6600 V500R001C00"
},
{
"status": "affected",
"version": "V500R001C30S"
},
{
"status": "affected",
"version": "TE30 V100R001C02"
},
{
"status": "affected",
"version": "V100R001C10"
},
{
"status": "affected",
"version": "TE40 V500R002C00"
},
{
"status": "affected",
"version": "TE50 V500R002C00"
},
{
"status": "affected",
"version": "TE60 V100R001C01"
},
{
"status": "affected",
"version": "TP3106 V100R002C00"
},
{
"status": "affected",
"version": "TP3206 V100R002C00"
},
{
"status": "affected",
"version": "V100R002C10"
},
{
"status": "affected",
"version": "USG9500 V500R001C00"
},
{
"status": "affected",
"version": "ViewPoint 9030 V100R011C02"
},
{
"status": "affected",
"version": "V100R011C03"
}
]
}
],
"datePublic": "2017-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PEM module of DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a DoS vulnerability in PEM module of Huawei products due to insufficient verification. An authenticated local attacker can make processing into deadloop by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-05T18:57:02",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-12-06T00:00:00",
"ID": "CVE-2017-17138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030",
"version": {
"version_data": [
{
"version_value": "DP300 V500R002C00"
},
{
"version_value": "IPS Module V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "NGFW Module V500R001C00"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "NIP6300 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "NIP6600 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "RP200 V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "S12700 V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S1700 V200R006C10"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S2700 V200R006C10"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S5700 V200R006C00"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S6700 V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S7700 V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S9700 V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "Secospace USG6300 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "Secospace USG6500 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "Secospace USG6600 V500R001C00"
},
{
"version_value": "V500R001C30S"
},
{
"version_value": "TE30 V100R001C02"
},
{
"version_value": "V100R001C10"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TE40 V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TE50 V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TE60 V100R001C01"
},
{
"version_value": "V100R001C10"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TP3106 V100R002C00"
},
{
"version_value": "TP3206 V100R002C00"
},
{
"version_value": "V100R002C10"
},
{
"version_value": "USG9500 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "ViewPoint 9030 V100R011C02"
},
{
"version_value": "V100R011C03"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PEM module of DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a DoS vulnerability in PEM module of Huawei products due to insufficient verification. An authenticated local attacker can make processing into deadloop by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-17138",
"datePublished": "2018-03-05T19:00:00Z",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-09-17T03:44:03.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17137 (GCVE-0-2017-17137)
Vulnerability from cvelistv5 – Published: 2018-03-05 19:00 – Updated: 2024-09-17 00:42
VLAI?
Summary
PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has an Out-of-Bounds memory access vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service.
Severity ?
No CVSS data available.
CWE
- Out-of-Bounds memory access
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030 |
Affected:
DP300 V500R002C00
Affected: IPS Module V500R001C00 Affected: V500R001C30 Affected: NGFW Module V500R001C00 Affected: V500R002C00 Affected: NIP6300 V500R001C00 Affected: NIP6600 V500R001C00 Affected: RP200 V500R002C00 Affected: V600R006C00 Affected: S12700 V200R007C00 Affected: V200R007C01 Affected: V200R008C00 Affected: V200R009C00 Affected: V200R010C00 Affected: S1700 V200R006C10 Affected: S2700 V200R006C10 Affected: V200R007C00 Affected: S5700 V200R006C00 Affected: S6700 V200R008C00 Affected: S7700 V200R007C00 Affected: S9700 V200R007C00 Affected: Secospace USG6300 V500R001C00 Affected: Secospace USG6500 V500R001C00 Affected: Secospace USG6600 V500R001C00 Affected: V500R001C30S Affected: TE30 V100R001C02 Affected: V100R001C10 Affected: TE40 V500R002C00 Affected: TE50 V500R002C00 Affected: TE60 V100R001C01 Affected: TP3106 V100R002C00 Affected: TP3206 V100R002C00 Affected: V100R002C10 Affected: USG9500 V500R001C00 Affected: ViewPoint 9030 V100R011C02 Affected: V100R011C03 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "DP300 V500R002C00"
},
{
"status": "affected",
"version": "IPS Module V500R001C00"
},
{
"status": "affected",
"version": "V500R001C30"
},
{
"status": "affected",
"version": "NGFW Module V500R001C00"
},
{
"status": "affected",
"version": "V500R002C00"
},
{
"status": "affected",
"version": "NIP6300 V500R001C00"
},
{
"status": "affected",
"version": "NIP6600 V500R001C00"
},
{
"status": "affected",
"version": "RP200 V500R002C00"
},
{
"status": "affected",
"version": "V600R006C00"
},
{
"status": "affected",
"version": "S12700 V200R007C00"
},
{
"status": "affected",
"version": "V200R007C01"
},
{
"status": "affected",
"version": "V200R008C00"
},
{
"status": "affected",
"version": "V200R009C00"
},
{
"status": "affected",
"version": "V200R010C00"
},
{
"status": "affected",
"version": "S1700 V200R006C10"
},
{
"status": "affected",
"version": "S2700 V200R006C10"
},
{
"status": "affected",
"version": "V200R007C00"
},
{
"status": "affected",
"version": "S5700 V200R006C00"
},
{
"status": "affected",
"version": "S6700 V200R008C00"
},
{
"status": "affected",
"version": "S7700 V200R007C00"
},
{
"status": "affected",
"version": "S9700 V200R007C00"
},
{
"status": "affected",
"version": "Secospace USG6300 V500R001C00"
},
{
"status": "affected",
"version": "Secospace USG6500 V500R001C00"
},
{
"status": "affected",
"version": "Secospace USG6600 V500R001C00"
},
{
"status": "affected",
"version": "V500R001C30S"
},
{
"status": "affected",
"version": "TE30 V100R001C02"
},
{
"status": "affected",
"version": "V100R001C10"
},
{
"status": "affected",
"version": "TE40 V500R002C00"
},
{
"status": "affected",
"version": "TE50 V500R002C00"
},
{
"status": "affected",
"version": "TE60 V100R001C01"
},
{
"status": "affected",
"version": "TP3106 V100R002C00"
},
{
"status": "affected",
"version": "TP3206 V100R002C00"
},
{
"status": "affected",
"version": "V100R002C10"
},
{
"status": "affected",
"version": "USG9500 V500R001C00"
},
{
"status": "affected",
"version": "ViewPoint 9030 V100R011C02"
},
{
"status": "affected",
"version": "V100R011C03"
}
]
}
],
"datePublic": "2017-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has an Out-of-Bounds memory access vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-Bounds memory access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-05T18:57:02",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-12-06T00:00:00",
"ID": "CVE-2017-17137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030",
"version": {
"version_data": [
{
"version_value": "DP300 V500R002C00"
},
{
"version_value": "IPS Module V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "NGFW Module V500R001C00"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "NIP6300 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "NIP6600 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "RP200 V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "S12700 V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S1700 V200R006C10"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S2700 V200R006C10"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S5700 V200R006C00"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S6700 V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S7700 V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S9700 V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "Secospace USG6300 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "Secospace USG6500 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "Secospace USG6600 V500R001C00"
},
{
"version_value": "V500R001C30S"
},
{
"version_value": "TE30 V100R001C02"
},
{
"version_value": "V100R001C10"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TE40 V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TE50 V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TE60 V100R001C01"
},
{
"version_value": "V100R001C10"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TP3106 V100R002C00"
},
{
"version_value": "TP3206 V100R002C00"
},
{
"version_value": "V100R002C10"
},
{
"version_value": "USG9500 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "ViewPoint 9030 V100R011C02"
},
{
"version_value": "V100R011C03"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has an Out-of-Bounds memory access vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-Bounds memory access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-17137",
"datePublished": "2018-03-05T19:00:00Z",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-09-17T00:42:09.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17141 (GCVE-0-2017-17141)
Vulnerability from cvelistv5 – Published: 2018-03-05 19:00 – Updated: 2024-09-17 03:23
VLAI?
Summary
Huawei S12700 V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R007C20; V200R008C00; V200R009C00;S1700 V200R006C10; V200R009C00;S2700 V100R006C03; V200R003C00; V200R005C00; V200R006C00; V200R006C10; V200R007C00; V200R007C00B050; V200R007C00SPC009T; V200R007C00SPC019T; V200R008C00; V200R009C00;S3700 V100R006C03;S5700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R003C02; V200R005C00; V200R005C01; V200R005C02; V200R005C03; V200R006C00; V200R007C00; V200R008C00; V200R009C00;S6700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R005C01; V200R005C02; V200R008C00; V200R009C00;S7700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R006C01; V200R007C00; V200R007C01; V200R008C00; V200R008C06; V200R009C00;S9700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R008C00; V200R009C00 have a memory leak vulnerability. In some specific conditions, if attackers send specific malformed MPLS Service PING messages to the affected products, products do not release the memory when handling the packets. So successful exploit will result in memory leak of the affected products.
Severity ?
No CVSS data available.
CWE
- memory leak
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | S12700; S1700; S2700; S3700; S5700; S6700; S7700; S9700 |
Affected:
S12700 V200R005C00
Affected: V200R006C00 Affected: V200R007C00 Affected: V200R007C01 Affected: V200R007C20 Affected: V200R008C00 Affected: V200R009C00 Affected: S1700 V200R006C10 Affected: S2700 V100R006C03 Affected: V200R003C00 Affected: V200R005C00 Affected: V200R006C10 Affected: V200R007C00B050 Affected: V200R007C00SPC009T Affected: V200R007C00SPC019T Affected: S3700 V100R006C03 Affected: S5700 V200R001C00 Affected: V200R001C01 Affected: V200R002C00 Affected: V200R003C02 Affected: V200R005C01 Affected: V200R005C02 Affected: V200R005C03 Affected: S6700 V200R001C00 Affected: S7700 V200R001C00 Affected: V200R006C01 Affected: V200R008C06 Affected: S9700 V200R001C00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-mpls-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "S12700; S1700; S2700; S3700; S5700; S6700; S7700; S9700",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "S12700 V200R005C00"
},
{
"status": "affected",
"version": "V200R006C00"
},
{
"status": "affected",
"version": "V200R007C00"
},
{
"status": "affected",
"version": "V200R007C01"
},
{
"status": "affected",
"version": "V200R007C20"
},
{
"status": "affected",
"version": "V200R008C00"
},
{
"status": "affected",
"version": "V200R009C00"
},
{
"status": "affected",
"version": "S1700 V200R006C10"
},
{
"status": "affected",
"version": "S2700 V100R006C03"
},
{
"status": "affected",
"version": "V200R003C00"
},
{
"status": "affected",
"version": "V200R005C00"
},
{
"status": "affected",
"version": "V200R006C10"
},
{
"status": "affected",
"version": "V200R007C00B050"
},
{
"status": "affected",
"version": "V200R007C00SPC009T"
},
{
"status": "affected",
"version": "V200R007C00SPC019T"
},
{
"status": "affected",
"version": "S3700 V100R006C03"
},
{
"status": "affected",
"version": "S5700 V200R001C00"
},
{
"status": "affected",
"version": "V200R001C01"
},
{
"status": "affected",
"version": "V200R002C00"
},
{
"status": "affected",
"version": "V200R003C02"
},
{
"status": "affected",
"version": "V200R005C01"
},
{
"status": "affected",
"version": "V200R005C02"
},
{
"status": "affected",
"version": "V200R005C03"
},
{
"status": "affected",
"version": "S6700 V200R001C00"
},
{
"status": "affected",
"version": "S7700 V200R001C00"
},
{
"status": "affected",
"version": "V200R006C01"
},
{
"status": "affected",
"version": "V200R008C06"
},
{
"status": "affected",
"version": "S9700 V200R001C00"
}
]
}
],
"datePublic": "2017-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei S12700 V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R007C20; V200R008C00; V200R009C00;S1700 V200R006C10; V200R009C00;S2700 V100R006C03; V200R003C00; V200R005C00; V200R006C00; V200R006C10; V200R007C00; V200R007C00B050; V200R007C00SPC009T; V200R007C00SPC019T; V200R008C00; V200R009C00;S3700 V100R006C03;S5700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R003C02; V200R005C00; V200R005C01; V200R005C02; V200R005C03; V200R006C00; V200R007C00; V200R008C00; V200R009C00;S6700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R005C01; V200R005C02; V200R008C00; V200R009C00;S7700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R006C01; V200R007C00; V200R007C01; V200R008C00; V200R008C06; V200R009C00;S9700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R008C00; V200R009C00 have a memory leak vulnerability. In some specific conditions, if attackers send specific malformed MPLS Service PING messages to the affected products, products do not release the memory when handling the packets. So successful exploit will result in memory leak of the affected products."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "memory leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-05T18:57:02",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-mpls-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-12-06T00:00:00",
"ID": "CVE-2017-17141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "S12700; S1700; S2700; S3700; S5700; S6700; S7700; S9700",
"version": {
"version_data": [
{
"version_value": "S12700 V200R005C00"
},
{
"version_value": "V200R006C00"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R007C20"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "S1700 V200R006C10"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "S2700 V100R006C03"
},
{
"version_value": "V200R003C00"
},
{
"version_value": "V200R005C00"
},
{
"version_value": "V200R006C00"
},
{
"version_value": "V200R006C10"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R007C00B050"
},
{
"version_value": "V200R007C00SPC009T"
},
{
"version_value": "V200R007C00SPC019T"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "S3700 V100R006C03"
},
{
"version_value": "S5700 V200R001C00"
},
{
"version_value": "V200R001C01"
},
{
"version_value": "V200R002C00"
},
{
"version_value": "V200R003C00"
},
{
"version_value": "V200R003C02"
},
{
"version_value": "V200R005C00"
},
{
"version_value": "V200R005C01"
},
{
"version_value": "V200R005C02"
},
{
"version_value": "V200R005C03"
},
{
"version_value": "V200R006C00"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "S6700 V200R001C00"
},
{
"version_value": "V200R001C01"
},
{
"version_value": "V200R002C00"
},
{
"version_value": "V200R003C00"
},
{
"version_value": "V200R005C00"
},
{
"version_value": "V200R005C01"
},
{
"version_value": "V200R005C02"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "S7700 V200R001C00"
},
{
"version_value": "V200R001C01"
},
{
"version_value": "V200R002C00"
},
{
"version_value": "V200R003C00"
},
{
"version_value": "V200R005C00"
},
{
"version_value": "V200R006C00"
},
{
"version_value": "V200R006C01"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R008C06"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "S9700 V200R001C00"
},
{
"version_value": "V200R001C01"
},
{
"version_value": "V200R002C00"
},
{
"version_value": "V200R003C00"
},
{
"version_value": "V200R005C00"
},
{
"version_value": "V200R006C00"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei S12700 V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R007C20; V200R008C00; V200R009C00;S1700 V200R006C10; V200R009C00;S2700 V100R006C03; V200R003C00; V200R005C00; V200R006C00; V200R006C10; V200R007C00; V200R007C00B050; V200R007C00SPC009T; V200R007C00SPC019T; V200R008C00; V200R009C00;S3700 V100R006C03;S5700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R003C02; V200R005C00; V200R005C01; V200R005C02; V200R005C03; V200R006C00; V200R007C00; V200R008C00; V200R009C00;S6700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R005C01; V200R005C02; V200R008C00; V200R009C00;S7700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R006C01; V200R007C00; V200R007C01; V200R008C00; V200R008C06; V200R009C00;S9700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R008C00; V200R009C00 have a memory leak vulnerability. In some specific conditions, if attackers send specific malformed MPLS Service PING messages to the affected products, products do not release the memory when handling the packets. So successful exploit will result in memory leak of the affected products."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "memory leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-mpls-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-mpls-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-17141",
"datePublished": "2018-03-05T19:00:00Z",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-09-17T03:23:15.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17136 (GCVE-0-2017-17136)
Vulnerability from cvelistv5 – Published: 2018-03-05 19:00 – Updated: 2024-09-16 16:49
VLAI?
Summary
PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a heap overflow vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service.
Severity ?
No CVSS data available.
CWE
- heap overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030 |
Affected:
DP300 V500R002C00
Affected: IPS Module V500R001C00 Affected: V500R001C30 Affected: NGFW Module V500R001C00 Affected: V500R002C00 Affected: NIP6300 V500R001C00 Affected: NIP6600 V500R001C00 Affected: RP200 V500R002C00 Affected: V600R006C00 Affected: S12700 V200R007C00 Affected: V200R007C01 Affected: V200R008C00 Affected: V200R009C00 Affected: V200R010C00 Affected: S1700 V200R006C10 Affected: S2700 V200R006C10 Affected: V200R007C00 Affected: S5700 V200R006C00 Affected: S6700 V200R008C00 Affected: S7700 V200R007C00 Affected: S9700 V200R007C00 Affected: Secospace USG6300 V500R001C00 Affected: Secospace USG6500 V500R001C00 Affected: Secospace USG6600 V500R001C00 Affected: V500R001C30S Affected: TE30 V100R001C02 Affected: V100R001C10 Affected: TE40 V500R002C00 Affected: TE50 V500R002C00 Affected: TE60 V100R001C01 Affected: TP3106 V100R002C00 Affected: TP3206 V100R002C00 Affected: V100R002C10 Affected: USG9500 V500R001C00 Affected: ViewPoint 9030 V100R011C02 Affected: V100R011C03 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "DP300 V500R002C00"
},
{
"status": "affected",
"version": "IPS Module V500R001C00"
},
{
"status": "affected",
"version": "V500R001C30"
},
{
"status": "affected",
"version": "NGFW Module V500R001C00"
},
{
"status": "affected",
"version": "V500R002C00"
},
{
"status": "affected",
"version": "NIP6300 V500R001C00"
},
{
"status": "affected",
"version": "NIP6600 V500R001C00"
},
{
"status": "affected",
"version": "RP200 V500R002C00"
},
{
"status": "affected",
"version": "V600R006C00"
},
{
"status": "affected",
"version": "S12700 V200R007C00"
},
{
"status": "affected",
"version": "V200R007C01"
},
{
"status": "affected",
"version": "V200R008C00"
},
{
"status": "affected",
"version": "V200R009C00"
},
{
"status": "affected",
"version": "V200R010C00"
},
{
"status": "affected",
"version": "S1700 V200R006C10"
},
{
"status": "affected",
"version": "S2700 V200R006C10"
},
{
"status": "affected",
"version": "V200R007C00"
},
{
"status": "affected",
"version": "S5700 V200R006C00"
},
{
"status": "affected",
"version": "S6700 V200R008C00"
},
{
"status": "affected",
"version": "S7700 V200R007C00"
},
{
"status": "affected",
"version": "S9700 V200R007C00"
},
{
"status": "affected",
"version": "Secospace USG6300 V500R001C00"
},
{
"status": "affected",
"version": "Secospace USG6500 V500R001C00"
},
{
"status": "affected",
"version": "Secospace USG6600 V500R001C00"
},
{
"status": "affected",
"version": "V500R001C30S"
},
{
"status": "affected",
"version": "TE30 V100R001C02"
},
{
"status": "affected",
"version": "V100R001C10"
},
{
"status": "affected",
"version": "TE40 V500R002C00"
},
{
"status": "affected",
"version": "TE50 V500R002C00"
},
{
"status": "affected",
"version": "TE60 V100R001C01"
},
{
"status": "affected",
"version": "TP3106 V100R002C00"
},
{
"status": "affected",
"version": "TP3206 V100R002C00"
},
{
"status": "affected",
"version": "V100R002C10"
},
{
"status": "affected",
"version": "USG9500 V500R001C00"
},
{
"status": "affected",
"version": "ViewPoint 9030 V100R011C02"
},
{
"status": "affected",
"version": "V100R011C03"
}
]
}
],
"datePublic": "2017-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a heap overflow vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "heap overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-05T18:57:02",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-12-06T00:00:00",
"ID": "CVE-2017-17136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030",
"version": {
"version_data": [
{
"version_value": "DP300 V500R002C00"
},
{
"version_value": "IPS Module V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "NGFW Module V500R001C00"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "NIP6300 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "NIP6600 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "RP200 V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "S12700 V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S1700 V200R006C10"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S2700 V200R006C10"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S5700 V200R006C00"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S6700 V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S7700 V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "S9700 V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "Secospace USG6300 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "Secospace USG6500 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "Secospace USG6600 V500R001C00"
},
{
"version_value": "V500R001C30S"
},
{
"version_value": "TE30 V100R001C02"
},
{
"version_value": "V100R001C10"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TE40 V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TE50 V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TE60 V100R001C01"
},
{
"version_value": "V100R001C10"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "V600R006C00"
},
{
"version_value": "TP3106 V100R002C00"
},
{
"version_value": "TP3206 V100R002C00"
},
{
"version_value": "V100R002C10"
},
{
"version_value": "USG9500 V500R001C00"
},
{
"version_value": "V500R001C30"
},
{
"version_value": "ViewPoint 9030 V100R011C02"
},
{
"version_value": "V100R011C03"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a heap overflow vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "heap overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-17136",
"datePublished": "2018-03-05T19:00:00Z",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-09-16T16:49:17.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17165 (GCVE-0-2017-17165)
Vulnerability from cvelistv5 – Published: 2018-02-15 16:00 – Updated: 2024-08-05 20:43
VLAI?
Summary
IPv6 function in Huawei Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00 has an out-of-bounds read vulnerability. An unauthenticated attacker may send crafted malformed IPv6 packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause device to reset.
Severity ?
No CVSS data available.
CWE
- out-of-bounds read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | Quidway S2700,Quidway S5300,Quidway S5700,S2300,S2700,S5300,S5700,S600-E,S6300,S6700 |
Affected:
Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-ipv6-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Quidway S2700,Quidway S5300,Quidway S5700,S2300,S2700,S5300,S5700,S600-E,S6300,S6700",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00"
}
]
}
],
"datePublic": "2017-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IPv6 function in Huawei Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00 has an out-of-bounds read vulnerability. An unauthenticated attacker may send crafted malformed IPv6 packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause device to reset."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "out-of-bounds read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-15T15:57:02",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-ipv6-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-17165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Quidway S2700,Quidway S5300,Quidway S5700,S2300,S2700,S5300,S5700,S600-E,S6300,S6700",
"version": {
"version_data": [
{
"version_value": "Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IPv6 function in Huawei Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00 has an out-of-bounds read vulnerability. An unauthenticated attacker may send crafted malformed IPv6 packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause device to reset."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-ipv6-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-ipv6-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-17165",
"datePublished": "2018-02-15T16:00:00",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-08-05T20:43:59.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5394 (GCVE-0-2014-5394)
Vulnerability from cvelistv5 – Published: 2018-01-08 19:00 – Updated: 2024-08-06 11:41
VLAI?
Summary
Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "69302",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69302"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/us/psirt/security-advisories/2014/hw-362701"
},
{
"name": "campusswitch-cve20145394-info-disc(97763)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97763"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-08T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "69302",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69302"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/us/psirt/security-advisories/2014/hw-362701"
},
{
"name": "campusswitch-cve20145394-info-disc(97763)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97763"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69302",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69302"
},
{
"name": "http://www.huawei.com/us/psirt/security-advisories/2014/hw-362701",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/us/psirt/security-advisories/2014/hw-362701"
},
{
"name": "campusswitch-cve20145394-info-disc(97763)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97763"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5394",
"datePublished": "2018-01-08T19:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2024-08-06T11:41:49.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}