CVE-2017-17143

Published: Mar 5, 2018Modified: Nov 21, 2024

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; RP200 V500R002C00SPC200; V600R006C00; V600R006C00SPC200; RSE6500 V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC300T; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00T; TE30 V100R001C10; V100R001C10SPC100; V100R001C10SPC200B010; V100R001C10SPC300; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700B010; V100R001C10SPC800; V500R002C00SPC200; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; TE40 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE50 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE60 V100R001C01SPC100; V100R001C01SPC107TB010; V100R001C10; V100R001C10SPC300; V100R001C10SPC400; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700; V100R001C10SPC800; V100R001C10SPC900; V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; V500R002C00SPCb00; V500R002C00SPCd00; V600R006C00; V600R006C00SPC100; V600R006C00SPC200; V600R006C00SPC300; TP3106 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C00SPC800; TP3206 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C10; ViewPoint 9030 V100R011C02SPC100; V100R011C03B012SP15; V100R011C03B012SP16; V100R011C03B015SP03; V100R011C03LGWL01SPC100; V100R011C03SPC100; V100R011C03SPC200; V100R011C03SPC300; V100R011C03SPC400; V100R011C03SPC500; eSpace U1960 V200R003C30SPC200; eSpace U1981 V100R001C20SPC700; V200R003C20SPCa00 has an overflow vulnerability that the module cannot parse a malformed SIP message when validating variables. Attacker can exploit it to make one process reboot at random.

Affected (97)

Products: Huawei: Dp300 Firmware, Rp200 Firmware, Rse6500 Firmware, Te30 Firmware, Te40 Firmware, Te50 Firmware, Te60 Firmware, Tp3106 Firmware, Tp3206 Firmware, Viewpoint 9030 Firmware, Espace U1960 Firmware, Espace U1981 Firmware

12 products

Viewpoint 9030 Firmware

Espace U1960 Firmware

Espace U1981 Firmware

Configuration A

10 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Dp300 Firmware	Version v500r002c00
Huawei Dp300 Firmware	Version v500r002c00spc100
Huawei Dp300 Firmware	Version v500r002c00spc200
Huawei Dp300 Firmware	Version v500r002c00spc300
Huawei Dp300 Firmware	Version v500r002c00spc400
Huawei Dp300 Firmware	Version v500r002c00spc500
Huawei Dp300 Firmware	Version v500r002c00spc600
Huawei Dp300 Firmware	Version v500r002c00spc800
Huawei Dp300 Firmware	Version v500r002c00spc900
Huawei Dp300 Firmware	Version v500r002c00spca00

Running on/with	Platform Versions
Huawei Dp300	All versions

Configuration B

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Rp200 Firmware	Version v500r002c00spc200
Huawei Rp200 Firmware	Version v600r006c00
Huawei Rp200 Firmware	Version v600r006c00spc200

Running on/with	Platform Versions
Huawei Rp200	All versions

Configuration C

8 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Rse6500 Firmware	Version v500r002c00spc100
Huawei Rse6500 Firmware	Version v500r002c00spc200
Huawei Rse6500 Firmware	Version v500r002c00spc300
Huawei Rse6500 Firmware	Version v500r002c00spc300t
Huawei Rse6500 Firmware	Version v500r002c00spc500
Huawei Rse6500 Firmware	Version v500r002c00spc600
Huawei Rse6500 Firmware	Version v500r002c00spc700
Huawei Rse6500 Firmware	Version v500r002c00t

Running on/with	Platform Versions
Huawei Rse6500	All versions

Configuration D

15 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Te30 Firmware	Version v100r001c10
Huawei Te30 Firmware	Version v100r001c10spc100
Huawei Te30 Firmware	Version v100r001c10spc200b010
Huawei Te30 Firmware	Version v100r001c10spc300
Huawei Te30 Firmware	Version v100r001c10spc500
Huawei Te30 Firmware	Version v100r001c10spc600
Huawei Te30 Firmware	Version v100r001c10spc700b010
Huawei Te30 Firmware	Version v100r001c10spc800
Huawei Te30 Firmware	Version v500r002c00spc200
Huawei Te30 Firmware	Version v500r002c00spc500
Huawei Te30 Firmware	Version v500r002c00spc600
Huawei Te30 Firmware	Version v500r002c00spc700
Huawei Te30 Firmware	Version v500r002c00spc900
Huawei Te30 Firmware	Version v500r002c00spcb00
Huawei Te30 Firmware	Version v600r006c00

Running on/with	Platform Versions
Huawei Te30	All versions

Configuration E

6 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Te40 Firmware	Version v500r002c00spc600
Huawei Te40 Firmware	Version v500r002c00spc700
Huawei Te40 Firmware	Version v500r002c00spc900
Huawei Te40 Firmware	Version v500r002c00spcb00
Huawei Te40 Firmware	Version v600r006c00
Huawei Te40 Firmware	Version v600r006c00spc200

Running on/with	Platform Versions
Huawei Te40	All versions

Configuration F

5 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Te50 Firmware	Version v500r002c00spc600
Huawei Te50 Firmware	Version v500r002c00spc700
Huawei Te50 Firmware	Version v500r002c00spcb00
Huawei Te50 Firmware	Version v600r006c00
Huawei Te50 Firmware	Version v600r006c00spc200

Running on/with	Platform Versions
Huawei Te50	All versions

Configuration G

25 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Te60 Firmware	Version v100r001c01spc100
Huawei Te60 Firmware	Version v100r001c01spc107tb010
Huawei Te60 Firmware	Version v100r001c10
Huawei Te60 Firmware	Version v100r001c10spc300
Huawei Te60 Firmware	Version v100r001c10spc400
Huawei Te60 Firmware	Version v100r001c10spc500
Huawei Te60 Firmware	Version v100r001c10spc600
Huawei Te60 Firmware	Version v100r001c10spc700
Huawei Te60 Firmware	Version v100r001c10spc800
Huawei Te60 Firmware	Version v100r001c10spc900
Huawei Te60 Firmware	Version v500r002c00
Huawei Te60 Firmware	Version v500r002c00spc100
Huawei Te60 Firmware	Version v500r002c00spc200
Huawei Te60 Firmware	Version v500r002c00spc300
Huawei Te60 Firmware	Version v500r002c00spc600
Huawei Te60 Firmware	Version v500r002c00spc700
Huawei Te60 Firmware	Version v500r002c00spc800
Huawei Te60 Firmware	Version v500r002c00spc900
Huawei Te60 Firmware	Version v500r002c00spca00
Huawei Te60 Firmware	Version v500r002c00spcb00
Huawei Te60 Firmware	Version v500r002c00spcd00
Huawei Te60 Firmware	Version v600r006c00
Huawei Te60 Firmware	Version v600r006c00spc100
Huawei Te60 Firmware	Version v600r006c00spc200
Huawei Te60 Firmware	Version v600r006c00spc300

Running on/with	Platform Versions
Huawei Te60	All versions

Configuration H

6 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Tp3106 Firmware	Version v100r002c00
Huawei Tp3106 Firmware	Version v100r002c00spc200
Huawei Tp3106 Firmware	Version v100r002c00spc400
Huawei Tp3106 Firmware	Version v100r002c00spc600
Huawei Tp3106 Firmware	Version v100r002c00spc700
Huawei Tp3106 Firmware	Version v100r002c00spc800

Running on/with	Platform Versions
Huawei Tp3106	All versions

Configuration I

6 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Tp3206 Firmware	Version v100r002c00
Huawei Tp3206 Firmware	Version v100r002c00spc200
Huawei Tp3206 Firmware	Version v100r002c00spc400
Huawei Tp3206 Firmware	Version v100r002c00spc600
Huawei Tp3206 Firmware	Version v100r002c00spc700
Huawei Tp3206 Firmware	Version v100r002c10

Running on/with	Platform Versions
Huawei Tp3206	All versions

Configuration J

10 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Viewpoint 9030 Firmware	Version v100r011c02spc100
Huawei Viewpoint 9030 Firmware	Version v100r011c03b012sp15
Huawei Viewpoint 9030 Firmware	Version v100r011c03b012sp16
Huawei Viewpoint 9030 Firmware	Version v100r011c03b015sp03
Huawei Viewpoint 9030 Firmware	Version v100r011c03lgwl01spc100
Huawei Viewpoint 9030 Firmware	Version v100r011c03spc100
Huawei Viewpoint 9030 Firmware	Version v100r011c03spc200
Huawei Viewpoint 9030 Firmware	Version v100r011c03spc300
Huawei Viewpoint 9030 Firmware	Version v100r011c03spc400
Huawei Viewpoint 9030 Firmware	Version v100r011c03spc500

Running on/with	Platform Versions
Huawei Viewpoint 9030	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Espace U1960 Firmware	Version v200r003c30spc200

Running on/with	Platform Versions
Huawei Espace U1960	All versions

Configuration L

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Espace U1981 Firmware	Version v100r001c20spc700
Huawei Espace U1981 Firmware	Version v200r003c20spca00

Running on/with	Platform Versions
Huawei Espace U1981	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (2)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-sip-en

Source: psirt@huawei.com

Vendor Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-sip-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.