CVE-2017-17299

CVSS V2 Medium 5 CVSS V3 High 7.5
Description
Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S V200R006C10, V200R007C00, AR160 V200R006C10, V200R006C12, V200R007C00S, V200R007C02, AR200 V200R006C10, V200R007C00, AR200-S V200R006C10, V200R007C00, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C02, AR2200-S V200R006C10, V200R007C00, V200R008C20, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C02, AR3600 V200R006C10, V200R007C00, AR510 V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, IPS Module V500R001C30, NIP6300 V500R001C30, NetEngine16EX V200R006C10, V200R007C00 have an insufficient input validation vulnerability. An unauthenticated, remote attacker may send crafted IKE V2 messages to the affected products. Due to the insufficient validation of the messages, successful exploit will cause invalid memory access and result in a denial of service on the affected products.
Overview
  • CVE ID
  • CVE-2017-17299
  • Assigner
  • psirt@huawei.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2018-02-15T16:29:03
  • Last Modified Date
  • 2018-03-09T14:36:04
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:huawei:ar120-s_firmware:v200r006c10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar120-s_firmware:v200r007c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:ar120-s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:ar1200_firmware:v200r006c10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar1200_firmware:v200r006c13:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar1200_firmware:v200r007c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar1200_firmware:v200r007c02:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:ar1200:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:ar1200-s_firmware:v200r006c10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar1200-s_firmware:v200r007c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar1200-s_firmware:v200r008c20:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:ar1200-s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:ar150_firmware:v200r006c10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar150_firmware:v200r007c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar150_firmware:v200r007c02:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:ar150:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:ar150-s_firmware:v200r006c10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar150-s_firmware:v200r007c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:ar150-s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:ar160_firmware:v200r006c10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar160_firmware:v200r006c12:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar160_firmware:v200r007c00s:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar160_firmware:v200r007c02:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:ar160:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:ar200_firmware:v200r006c10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar200_firmware:v200r007c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:ar200:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:ar200-s_firmware:v200r006c10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar200-s_firmware:v200r007c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:ar200-s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:ar2200_firmware:v200r006c10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar2200_firmware:v200r006c13:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar2200_firmware:v200r006c16:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar2200_firmware:v200r007c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar2200_firmware:v200r007c02:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:ar2200:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:ar2200-s_firmware:v200r006c10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar2200-s_firmware:v200r007c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar2200-s_firmware:v200r008c20:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:ar2200-s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:ar3200_firmware:v200r006c10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar3200_firmware:v200r006c11:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar3200_firmware:v200r007c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar3200_firmware:v200r007c02:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:ar3200:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:ar3600_firmware:v200r006c10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar3600_firmware:v200r007c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:ar3600:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:ar510_firmware:v200r006c12:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar510_firmware:v200r006c13:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar510_firmware:v200r006c15:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar510_firmware:v200r006c16:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar510_firmware:v200r006c17:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:ar510_firmware:v200r007c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:ar510:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:ips_module_firmware:v500r001c30:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:ips_module:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:huawei:netengine16ex_firmware:v200r006c10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:huawei:netengine16ex_firmware:v200r007c00:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:huawei:netengine16ex:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:N/I:N/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • NONE
  • Availability Impact
  • PARTIAL
  • Base Score
  • 5
  • Severity
  • MEDIUM
  • Exploitability Score
  • 10
  • Impact Score
  • 2.9
CVSS Version 3
  • Version
  • 3.0
  • Vector String
  • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • NONE
  • Availability Impact
  • HIGH
  • Base Score
  • 7.5
  • Base Severity
  • HIGH
  • Exploitability Score
  • 3.9
  • Impact Score
  • 3.6
References
History
Created Old Value New Value Data Type Notes
2022-05-10 18:47:41 Added to TrackCVE
2022-12-03 02:16:42 2018-02-15T16:29Z 2018-02-15T16:29:03 CVE Published Date updated
2022-12-03 02:16:42 2018-03-09T14:36:04 CVE Modified Date updated
2022-12-03 02:16:42 Analyzed Vulnerability Status updated