CVE-2017-17303

Published: Mar 9, 2018Modified: Nov 21, 2024

4.9

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; RP200 V500R002C00SPC200; V600R006C00; V600R006C00SPC200; V600R006C00SPC300; TE30 V100R001C10SPC300; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700B010; V500R002C00SPC200; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; V600R006C00SPC300; TE40 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; V600R006C00SPC300; TE50 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; V600R006C00SPC300; TE60 V100R001C10; V100R001C10B001; V100R001C10B002; V100R001C10B010; V100R001C10B011; V100R001C10B012; V100R001C10B013; V100R001C10B014; V100R001C10B016; V100R001C10B017; V100R001C10B018; V100R001C10B019; V100R001C10SPC400; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700; V100R001C10SPC800B011; V100R001C10SPC900; V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; V500R002C00SPCb00; V500R002C00SPCd00; V500R002C00SPCe00; V600R006C00; V600R006C00SPC100; V600R006C00SPC200; V600R006C00SPC300 use the CIDAM protocol, which contains sensitive information in the message when it is implemented. So these products has an information disclosure vulnerability. An authenticated remote attacker could track and get the message of a target system. Successful exploit could allow the attacker to get the information and cause the sensitive information disclosure.

Affected (83)

Products: Huawei: Dp300 Firmware, Rp200 Firmware, Te30 Firmware, Te40 Firmware, Te50 Firmware, Te60 Firmware

6 products

Configuration A

17 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Dp300 Firmware	Version v500r002c00
Huawei Dp300 Firmware	Version v500r002c00b010
Huawei Dp300 Firmware	Version v500r002c00b011
Huawei Dp300 Firmware	Version v500r002c00b012
Huawei Dp300 Firmware	Version v500r002c00b013
Huawei Dp300 Firmware	Version v500r002c00b014
Huawei Dp300 Firmware	Version v500r002c00b017
Huawei Dp300 Firmware	Version v500r002c00b018
Huawei Dp300 Firmware	Version v500r002c00spc100
Huawei Dp300 Firmware	Version v500r002c00spc200
Huawei Dp300 Firmware	Version v500r002c00spc300
Huawei Dp300 Firmware	Version v500r002c00spc400
Huawei Dp300 Firmware	Version v500r002c00spc500
Huawei Dp300 Firmware	Version v500r002c00spc600
Huawei Dp300 Firmware	Version v500r002c00spc800
Huawei Dp300 Firmware	Version v500r002c00spc900
Huawei Dp300 Firmware	Version v500r002c00spca00

Running on/with	Platform Versions
Huawei Dp300	All versions

Configuration B

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Rp200 Firmware	Version v500r002c00spc200
Huawei Rp200 Firmware	Version v600r006c00
Huawei Rp200 Firmware	Version v600r006c00spc200
Huawei Rp200 Firmware	Version v600r006c00spc300

Running on/with	Platform Versions
Huawei Rp200	All versions

Configuration C

13 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Te30 Firmware	Version v100r001c10spc300
Huawei Te30 Firmware	Version v100r001c10spc500
Huawei Te30 Firmware	Version v100r001c10spc600
Huawei Te30 Firmware	Version v100r001c10spc700b010
Huawei Te30 Firmware	Version v500r002c00spc200
Huawei Te30 Firmware	Version v500r002c00spc500
Huawei Te30 Firmware	Version v500r002c00spc600
Huawei Te30 Firmware	Version v500r002c00spc700
Huawei Te30 Firmware	Version v500r002c00spc900
Huawei Te30 Firmware	Version v500r002c00spcb00
Huawei Te30 Firmware	Version v600r006c00
Huawei Te30 Firmware	Version v600r006c00spc200
Huawei Te30 Firmware	Version v600r006c00spc300

Running on/with	Platform Versions
Huawei Te30	All versions

Configuration D

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Te40 Firmware	Version v500r002c00spc600
Huawei Te40 Firmware	Version v500r002c00spc700
Huawei Te40 Firmware	Version v500r002c00spc900
Huawei Te40 Firmware	Version v500r002c00spcb00
Huawei Te40 Firmware	Version v600r006c00
Huawei Te40 Firmware	Version v600r006c00spc200
Huawei Te40 Firmware	Version v600r006c00spc300

Running on/with	Platform Versions
Huawei Te40	All versions

Configuration E

6 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Te50 Firmware	Version v500r002c00spc600
Huawei Te50 Firmware	Version v500r002c00spc700
Huawei Te50 Firmware	Version v500r002c00spcb00
Huawei Te50 Firmware	Version v600r006c00
Huawei Te50 Firmware	Version v600r006c00spc200
Huawei Te50 Firmware	Version v600r006c00spc300

Running on/with	Platform Versions
Huawei Te50	All versions

Configuration F

36 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Te60 Firmware	Version v100r001c10
Huawei Te60 Firmware	Version v100r001c10b001
Huawei Te60 Firmware	Version v100r001c10b002
Huawei Te60 Firmware	Version v100r001c10b010
Huawei Te60 Firmware	Version v100r001c10b011
Huawei Te60 Firmware	Version v100r001c10b012
Huawei Te60 Firmware	Version v100r001c10b013
Huawei Te60 Firmware	Version v100r001c10b014
Huawei Te60 Firmware	Version v100r001c10b016
Huawei Te60 Firmware	Version v100r001c10b017
Huawei Te60 Firmware	Version v100r001c10b018
Huawei Te60 Firmware	Version v100r001c10b019
Huawei Te60 Firmware	Version v100r001c10spc400
Huawei Te60 Firmware	Version v100r001c10spc500
Huawei Te60 Firmware	Version v100r001c10spc600
Huawei Te60 Firmware	Version v100r001c10spc700
Huawei Te60 Firmware	Version v100r001c10spc800b011
Huawei Te60 Firmware	Version v100r001c10spc900
Huawei Te60 Firmware	Version v500r002c00
Huawei Te60 Firmware	Version v500r002c00b010
Huawei Te60 Firmware	Version v500r002c00b011
Huawei Te60 Firmware	Version v500r002c00spc100
Huawei Te60 Firmware	Version v500r002c00spc200
Huawei Te60 Firmware	Version v500r002c00spc300
Huawei Te60 Firmware	Version v500r002c00spc600
Huawei Te60 Firmware	Version v500r002c00spc700
Huawei Te60 Firmware	Version v500r002c00spc800
Huawei Te60 Firmware	Version v500r002c00spc900
Huawei Te60 Firmware	Version v500r002c00spca00
Huawei Te60 Firmware	Version v500r002c00spcb00
Huawei Te60 Firmware	Version v500r002c00spcd00
Huawei Te60 Firmware	Version v500r002c00spce00
Huawei Te60 Firmware	Version v600r006c00
Huawei Te60 Firmware	Version v600r006c00spc100
Huawei Te60 Firmware	Version v600r006c00spc200
Huawei Te60 Firmware	Version v600r006c00spc300

Running on/with	Platform Versions
Huawei Te60	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-cidam-en

Source: psirt@huawei.com

Vendor Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-cidam-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.