CVE-2017-17136

CVSS V2 Low 2.1 CVSS V3 Medium 5.5
Description
PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a heap overflow vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service.
Overview
  • CVE ID
  • CVE-2017-17136
  • Assigner
  • psirt@huawei.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2018-03-05T19:29:00
  • Last Modified Date
  • 2018-03-27T15:30:04
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:ips_module_firmware:v500r001c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ips_module_firmware:v500r001c30:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:ips_module:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:nip6300_firmware:v500r001c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:nip6600_firmware:v500r001c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:rp200_firmware:v500r002c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:rp200_firmware:v600r006c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:s12700_firmware:v200r007c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:s12700_firmware:v200r007c01:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:s12700_firmware:v200r008c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:s12700_firmware:v200r009c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:s12700_firmware:v200r010c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:s12700:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:s1700_firmware:v200r006c10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:s1700_firmware:v200r009c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:s1700_firmware:v200r010c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:s1700:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:s2700_firmware:v200r006c10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:s2700_firmware:v200r007c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:s2700_firmware:v200r008c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:s2700_firmware:v200r009c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:s2700_firmware:v200r010c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:s2700:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:s5700_firmware:v200r006c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:s5700_firmware:v200r007c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:s5700_firmware:v200r008c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:s5700_firmware:v200r009c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:s5700_firmware:v200r010c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:s5700:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:s6700_firmware:v200r008c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:s6700_firmware:v200r009c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:s6700_firmware:v200r010c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:s6700:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:s7700_firmware:v200r007c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:s7700_firmware:v200r008c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:s7700_firmware:v200r009c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:s7700_firmware:v200r010c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:s7700:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:s9700_firmware:v200r007c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:s9700_firmware:v200r007c01:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:s9700_firmware:v200r008c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:s9700_firmware:v200r009c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:s9700_firmware:v200r010c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:s9700:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30s:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:te30_firmware:v100r001c02:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:te30_firmware:v500r002c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:te40_firmware:v500r002c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:te50_firmware:v500r002c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:te60_firmware:v100r001c02:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:tp3106_firmware:v100r002c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:tp3106:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:tp3206_firmware:v100r002c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:tp3206_firmware:v100r002c10:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:tp3206:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:usg9500_firmware:v500r001c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:usg9500_firmware:v500r001c30:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c02:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c03:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:viewpoint_9030:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:L/AC:L/Au:N/C:N/I:N/A:P
  • Access Vector
  • LOCAL
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • NONE
  • Availability Impact
  • PARTIAL
  • Base Score
  • 2.1
  • Severity
  • LOW
  • Exploitability Score
  • 3.9
  • Impact Score
  • 2.9
CVSS Version 3
  • Version
  • 3.0
  • Vector String
  • CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • Attack Vector
  • LOCAL
  • Attack Compatibility
  • LOW
  • Privileges Required
  • LOW
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • NONE
  • Availability Impact
  • HIGH
  • Base Score
  • 5.5
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 1.8
  • Impact Score
  • 3.6
References
History
Created Old Value New Value Data Type Notes
2022-05-10 18:46:50 Added to TrackCVE
2022-12-03 03:00:13 2018-03-05T19:29Z 2018-03-05T19:29:00 CVE Published Date updated
2022-12-03 03:00:13 2018-03-27T15:30:04 CVE Modified Date updated
2022-12-03 03:00:13 Analyzed Vulnerability Status updated