CVE-2017-15333

Published: Feb 15, 2018Modified: Nov 21, 2024

4.7

Vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.0 / Impact: 3.6

Source: NVD

Description

XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DOS vulnerability. An attacker may craft specific XML files to the affected products. Due to not check the specially XML file and to parse this file, successful exploit will result in DOS attacks.

Affected (47)

Products: Huawei: S12700 Firmware, S1700 Firmware, S5700 Firmware, S6700 Firmware, S7700 Firmware, S9700 Firmware, Ecns210 Td Firmware

7 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei S12700 Firmware	Version v200r005c00

Running on/with	Platform Versions
Huawei S12700	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei S1700 Firmware	Version v200r009c00
Huawei S1700 Firmware	Version v200r010c00

Running on/with	Platform Versions
Huawei S1700	All versions

Configuration C

10 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei S5700 Firmware	Version v200r001c00
Huawei S5700 Firmware	Version v200r002c00
Huawei S5700 Firmware	Version v200r003c00
Huawei S5700 Firmware	Version v200r003c02
Huawei S5700 Firmware	Version v200r005c00
Huawei S5700 Firmware	Version v200r006c00
Huawei S5700 Firmware	Version v200r007c00
Huawei S5700 Firmware	Version v200r008c00
Huawei S5700 Firmware	Version v200r009c00
Huawei S5700 Firmware	Version v200r010c00

Running on/with	Platform Versions
Huawei S5700	All versions

Configuration E

8 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei S6700 Firmware	Version v200r001c00
Huawei S6700 Firmware	Version v200r002c00
Huawei S6700 Firmware	Version v200r003c00
Huawei S6700 Firmware	Version v200r005c00
Huawei S6700 Firmware	Version v200r005c02
Huawei S6700 Firmware	Version v200r008c00
Huawei S6700 Firmware	Version v200r009c00
Huawei S6700 Firmware	Version v200r010c00

Running on/with	Platform Versions
Huawei S6700	All versions

Configuration F

9 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei S7700 Firmware	Version v200r001c00
Huawei S7700 Firmware	Version v200r002c00
Huawei S7700 Firmware	Version v200r003c00
Huawei S7700 Firmware	Version v200r005c00
Huawei S7700 Firmware	Version v200r006c00
Huawei S7700 Firmware	Version v200r007c00
Huawei S7700 Firmware	Version v200r008c00
Huawei S7700 Firmware	Version v200r009c00
Huawei S7700 Firmware	Version v200r010c00

Running on/with	Platform Versions
Huawei S7700	All versions

Configuration G

9 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei S9700 Firmware	Version v200r001c00
Huawei S9700 Firmware	Version v200r002c00
Huawei S9700 Firmware	Version v200r003c00
Huawei S9700 Firmware	Version v200r005c00
Huawei S9700 Firmware	Version v200r006c00
Huawei S9700 Firmware	Version v200r007c00
Huawei S9700 Firmware	Version v200r008c00
Huawei S9700 Firmware	Version v200r009c00
Huawei S9700 Firmware	Version v200r010c00

Running on/with	Platform Versions
Huawei S9700	All versions

Configuration H

8 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Ecns210 Td Firmware	Version v100r004c10
Huawei Ecns210 Td Firmware	Version v100r004c10spc003
Huawei Ecns210 Td Firmware	Version v100r004c10spc100
Huawei Ecns210 Td Firmware	Version v100r004c10spc101
Huawei Ecns210 Td Firmware	Version v100r004c10spc102
Huawei Ecns210 Td Firmware	Version v100r004c10spc200
Huawei Ecns210 Td Firmware	Version v100r004c10spc221
Huawei Ecns210 Td Firmware	Version v100r004c10spc400

Running on/with	Platform Versions
Huawei Ecns210 Td	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-xml-en

Source: psirt@huawei.com

Vendor Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-xml-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.