CVE-2017-17150 - Vulnerability Details

Vendors	Products
Huawei	Dp300 Dp300 Firmware Rp200 Rp200 Firmware Te30 Te30 Firmware Te40 Te40 Firmware Te50 Te50 Firmware Te60 Te60 Firmware

Link	Providers
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-vpp-en

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "DP300; RP200; TE30; TE40; TE50; TE60", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "DP300 V500R002C00"}, {"status": "affected", "version": "RP200 V500R002C00"}, {"status": "affected", "version": "V600R006C00"}, {"status": "affected", "version": "TE30 V100R001C10"}, {"status": "affected", "version": "V500R002C00"}, {"status": "affected", "version": "TE40 V500R002C00"}, {"status": "affected", "version": "TE50 V500R002C00"}, {"status": "affected", "version": "TE60 V100R001C10"}]}], "datePublic": "2017-12-20T00:00:00", "descriptions": [{"lang": "en", "value": "Timergrp module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an DoS vulnerability due to insufficient validation of the parameter. An authenticated local attacker may call a special API with special parameter, which cause an infinite loop. Successful exploit of this vulnerability can allow an attacker to launch DOS attack."}], "problemTypes": [{"descriptions": [{"description": "DoS", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-09T16:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-vpp-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2017-17150", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "DP300; RP200; TE30; TE40; TE50; TE60", "version": {"version_data": [{"version_value": "DP300 V500R002C00"}, {"version_value": "RP200 V500R002C00"}, {"version_value": "V600R006C00"}, {"version_value": "TE30 V100R001C10"}, {"version_value": "V500R002C00"}, {"version_value": "V600R006C00"}, {"version_value": "TE40 V500R002C00"}, {"version_value": "V600R006C00"}, {"version_value": "TE50 V500R002C00"}, {"version_value": "V600R006C00"}, {"version_value": "TE60 V100R001C10"}, {"version_value": "V500R002C00"}, {"version_value": "V600R006C00"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Timergrp module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an DoS vulnerability due to insufficient validation of the parameter. An authenticated local attacker may call a special API with special parameter, which cause an infinite loop. Successful exploit of this vulnerability can allow an attacker to launch DOS attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "DoS"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-vpp-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-vpp-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:43:59.921Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-vpp-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-17150", "datePublished": "2018-03-09T17:00:00", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2024-08-05T20:43:59.921Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : DP300; RP200; TE30; TE40; TE50; TE60 (string)

vendor : Huawei Technologies Co., Ltd. (string)

versions : [ »

0 : { »

status : affected (string)

version : DP300 V500R002C00 (string)

}

1 : { »

status : affected (string)

version : RP200 V500R002C00 (string)

}

2 : { »

status : affected (string)

version : V600R006C00 (string)

}

3 : { »

status : affected (string)

version : TE30 V100R001C10 (string)

}

4 : { »

status : affected (string)

version : V500R002C00 (string)

}

5 : { »

status : affected (string)

version : TE40 V500R002C00 (string)

}

6 : { »

status : affected (string)

version : TE50 V500R002C00 (string)

}

7 : { »

status : affected (string)

version : TE60 V100R001C10 (string)

}

]

}

]

datePublic : 2017-12-20T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Timergrp module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an DoS vulnerability due to insufficient validation of the parameter. An authenticated local attacker may call a special API with special parameter, which cause an infinite loop. Successful exploit of this vulnerability can allow an attacker to launch DOS attack. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : DoS (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-03-09T16:57:01 (string)

orgId : 25ac1063-e409-4190-8079-24548c77ea2e (string)

shortName : huawei (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-vpp-en (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@huawei.com (string)

ID : CVE-2017-17150 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : DP300; RP200; TE30; TE40; TE50; TE60 (string)

version : { »

version_data : [ »

0 : { »

version_value : DP300 V500R002C00 (string)

}

1 : { »

version_value : RP200 V500R002C00 (string)

}

2 : { »

version_value : V600R006C00 (string)

}

3 : { »

version_value : TE30 V100R001C10 (string)

}

4 : { »

version_value : V500R002C00 (string)

}

5 : { »

version_value : V600R006C00 (string)

}

6 : { »

version_value : TE40 V500R002C00 (string)

}

7 : { »

version_value : V600R006C00 (string)

}

8 : { »

version_value : TE50 V500R002C00 (string)

}

9 : { »

version_value : V600R006C00 (string)

}

10 : { »

version_value : TE60 V100R001C10 (string)

}

11 : { »

version_value : V500R002C00 (string)

}

12 : { »

version_value : V600R006C00 (string)

}

]

}

]

}

vendor_name : Huawei Technologies Co., Ltd. (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Timergrp module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an DoS vulnerability due to insufficient validation of the parameter. An authenticated local attacker may call a special API with special parameter, which cause an infinite loop. Successful exploit of this vulnerability can allow an attacker to launch DOS attack. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : DoS (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-vpp-en (string)

refsource : CONFIRM (string)

url : http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-vpp-en (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T20:43:59.921Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-vpp-en (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 25ac1063-e409-4190-8079-24548c77ea2e (string)

assignerShortName : huawei (string)

cveId : CVE-2017-17150 (string)

datePublished : 2018-03-09T17:00:00 (string)

dateReserved : 2017-12-04T00:00:00 (string)

dateUpdated : 2024-08-05T20:43:59.921Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*", "matchCriteriaId": "8871106B-D3AF-4CFB-A544-1FA411642428", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*", "matchCriteriaId": "7F3483B2-9EB6-4E34-900A-945C04A3160D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:rp200_firmware:v500r002c00:*:*:*:*:*:*:*", "matchCriteriaId": "16C1ED34-BC94-4AAC-ADF4-5FCD637E5B4A", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:rp200_firmware:v600r006c00:*:*:*:*:*:*:*", "matchCriteriaId": "67731A77-1DD4-49B2-B437-2850C9583750", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:*", "matchCriteriaId": "98275088-2FBE-42F4-AAEC-DF02950B803D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:*", "matchCriteriaId": "DA3EF476-42D7-4758-8DCB-373F46BF1CF5", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:te30_firmware:v500r002c00:*:*:*:*:*:*:*", "matchCriteriaId": "9DEA387B-4F45-438F-8086-6E80B553163C", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:*", "matchCriteriaId": "018039EB-7265-4B71-B462-4734FD1D0503", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*", "matchCriteriaId": "1146F99B-5344-4CD3-AF3F-CD3FE6F6DD91", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:te40_firmware:v500r002c00:*:*:*:*:*:*:*", "matchCriteriaId": "DDD87254-ABAD-4DFF-BC0D-2CF030063D6F", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:*", "matchCriteriaId": "931FD3B3-A333-4277-AE55-494F5DB9F09F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:*", "matchCriteriaId": "45C3AF58-E030-4E12-A2FD-A4337A5021ED", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:te50_firmware:v500r002c00:*:*:*:*:*:*:*", "matchCriteriaId": "DF7A4D51-314B-4A77-86A7-9C5237BC4275", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:*", "matchCriteriaId": "A70F8924-DC80-4D6F-BA3E-DBFE32FED788", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*", "matchCriteriaId": "A4F188B3-0A63-4704-9B0D-F8DF5D973FA5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:*", "matchCriteriaId": "092C9FAF-8892-4E16-9C0E-BB1E3488C6C4", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:*", "matchCriteriaId": "01BC9042-0485-437F-811F-F8898B3B7EA7", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*", "matchCriteriaId": "4A29049D-F472-4772-8750-20730DA624E9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*", "matchCriteriaId": "999117E9-90C8-4E76-90B5-7D364C0B84BF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Timergrp module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an DoS vulnerability due to insufficient validation of the parameter. An authenticated local attacker may call a special API with special parameter, which cause an infinite loop. Successful exploit of this vulnerability can allow an attacker to launch DOS attack."}, {"lang": "es", "value": "El m\u00f3dulo Timergrp en Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00 y V600R006C00 tiene una vulnerabilidad de denegaci\u00f3n de servicio (DoS) debido a la validaci\u00f3n insuficiente del par\u00e1metro. Un atacante local autenticado podr\u00eda llamar a una API especial con un par\u00e1metro especial, lo que provocar\u00eda un bucle infinito. La explotaci\u00f3n con \u00e9xito de esta vulnerabilidad puede permitir que un atacante inicie un ataque DoS."}], "id": "CVE-2017-17150", "lastModified": "2024-11-21T03:17:35.217", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-09T17:29:00.597", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-vpp-en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-vpp-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:* (string)

matchCriteriaId : 8871106B-D3AF-4CFB-A544-1FA411642428 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 7F3483B2-9EB6-4E34-900A-945C04A3160D (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:huawei:rp200_firmware:v500r002c00:*:*:*:*:*:*:* (string)

matchCriteriaId : 16C1ED34-BC94-4AAC-ADF4-5FCD637E5B4A (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:huawei:rp200_firmware:v600r006c00:*:*:*:*:*:*:* (string)

matchCriteriaId : 67731A77-1DD4-49B2-B437-2850C9583750 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 98275088-2FBE-42F4-AAEC-DF02950B803D (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:* (string)

matchCriteriaId : DA3EF476-42D7-4758-8DCB-373F46BF1CF5 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:huawei:te30_firmware:v500r002c00:*:*:*:*:*:*:* (string)

matchCriteriaId : 9DEA387B-4F45-438F-8086-6E80B553163C (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:* (string)

matchCriteriaId : 018039EB-7265-4B71-B462-4734FD1D0503 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 1146F99B-5344-4CD3-AF3F-CD3FE6F6DD91 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:huawei:te40_firmware:v500r002c00:*:*:*:*:*:*:* (string)

matchCriteriaId : DDD87254-ABAD-4DFF-BC0D-2CF030063D6F (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:* (string)

matchCriteriaId : 931FD3B3-A333-4277-AE55-494F5DB9F09F (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 45C3AF58-E030-4E12-A2FD-A4337A5021ED (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:huawei:te50_firmware:v500r002c00:*:*:*:*:*:*:* (string)

matchCriteriaId : DF7A4D51-314B-4A77-86A7-9C5237BC4275 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:* (string)

matchCriteriaId : A70F8924-DC80-4D6F-BA3E-DBFE32FED788 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A4F188B3-0A63-4704-9B0D-F8DF5D973FA5 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:* (string)

matchCriteriaId : 092C9FAF-8892-4E16-9C0E-BB1E3488C6C4 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:* (string)

matchCriteriaId : 01BC9042-0485-437F-811F-F8898B3B7EA7 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:* (string)

matchCriteriaId : 4A29049D-F472-4772-8750-20730DA624E9 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 999117E9-90C8-4E76-90B5-7D364C0B84BF (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Timergrp module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an DoS vulnerability due to insufficient validation of the parameter. An authenticated local attacker may call a special API with special parameter, which cause an infinite loop. Successful exploit of this vulnerability can allow an attacker to launch DOS attack. (string)

}

1 : { »

lang : es (string)

value : El módulo Timergrp en Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00 y V600R006C00 tiene una vulnerabilidad de denegación de servicio (DoS) debido a la validación insuficiente del parámetro. Un atacante local autenticado podría llamar a una API especial con un parámetro especial, lo que provocaría un bucle infinito. La explotación con éxito de esta vulnerabilidad puede permitir que un atacante inicie un ataque DoS. (string)

}

]

id : CVE-2017-17150 (string)

lastModified : 2024-11-21T03:17:35.217 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 2.1 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:L/AC:L/Au:N/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2018-03-09T17:29:00.597 (string)

references : [ »

0 : { »

source : psirt@huawei.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-vpp-en (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-vpp-en (string)

}

]

sourceIdentifier : psirt@huawei.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-835 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object