CVE-2017-15323

Huawei DP300 V500R002C00, NIP6600 V500R001C00, V500R001C20, V500R001C30, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, TE60 V100R001C01, V100R001C10, V100R003C00, V500R002C00, V600R006C00, TP3106 V100R001C06, V100R002C00, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eCNS210_TD V100R004C10, eSpace U1981 V200R003C30 have a DoS vulnerability caused by memory exhaustion in some Huawei products. For lacking of adequate input validation, attackers can craft and send some malformed messages to the target device to exhaust the memory of the device and cause a Denial of Service (DoS).

CVSS v3.0 5.5 MEDIUM
CVSS v2.0 4.9 MEDIUM

5.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-pse-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:::::::*
	cpe:2.3:o:huawei:nip6600_firmware:v500r001c00:::::::*
	cpe:2.3:o:huawei:nip6600_firmware:v500r001c20:::::::*

cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c00:::::::*
	cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:::::::*
	cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20:::::::*

cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:huawei:te60_firmware:v100r003c00:::::::*
	cpe:2.3:o:huawei:te60_firmware:v600r006c00:::::::*
	cpe:2.3:o:huawei:te60_firmware:v100r001c01:::::::*
	cpe:2.3:o:huawei:te60_firmware:v100r001c10:::::::*
	cpe:2.3:o:huawei:te60_firmware:v500r002c00:::::::*

cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:huawei:tp3106_firmware:v100r001c06:::::::*
	cpe:2.3:o:huawei:tp3106_firmware:v100r002c00:::::::*

cpe:2.3:h:huawei:tp3106:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:huawei:vp9660_firmware:v500r002c10:::::::*
	cpe:2.3:o:huawei:vp9660_firmware:v200r001c02:::::::*
	cpe:2.3:o:huawei:vp9660_firmware:v200r001c30:::::::*
	cpe:2.3:o:huawei:vp9660_firmware:v500r002c00:::::::*

cpe:2.3:h:huawei:vp9660:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:huawei:viewpoint_8660_firmware:v100r008c03:*:*:*:*:*:*:*

cpe:2.3:h:huawei:viewpoint_8660:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

OR	cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c03:::::::*
	cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c02:::::::*

cpe:2.3:h:huawei:viewpoint_9030:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ecns210_td:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c30:*:*:*:*:*:*:*

cpe:2.3:h:huawei:espace_u1981:-:*:*:*:*:*:*:*

Information

Published : 2018-03-09 13:29

Updated : 2018-03-27 13:28

NVD link : CVE-2017-15323

Mitre link : CVE-2017-15323

JSON object : View

CWE

CWE-400

Uncontrolled Resource Consumption

Products Affected

huawei

nip6600
secospace_usg6500
vp9660
nip6600_firmware
secospace_usg6500_firmware
te60
viewpoint_9030_firmware
ecns210_td
vp9660_firmware
espace_u1981
viewpoint_8660_firmware
dp300_firmware
viewpoint_9030
ecns210_td_firmware
dp300
espace_u1981_firmware
viewpoint_8660
tp3106
te60_firmware
tp3106_firmware

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.9 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2017-15323

5.5^/10

4.9^/10

Attach tags to `CVE-2017-15323`