CVE-2017-17222

Published: Mar 9, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Import Language Package function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after Language Package is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code.

Affected (3)

Products: Huawei: Espace 7950 Firmware, Espace 8950 Firmware

2 products

Espace 7950 Firmware

Espace 8950 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Espace 7950 Firmware	Version v200r003c30

Running on/with	Platform Versions
Huawei Espace 7950	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Espace 8950 Firmware	Version v200r003c00
Huawei Espace 8950 Firmware	Version v200r003c30

Running on/with	Platform Versions
Huawei Espace 8950	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en

Source: psirt@huawei.com

Vendor Advisory

http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.