{ "id": "CVE-2017-17165", "sourceIdentifier": "psirt@huawei.com", "published": "2018-02-15T16:29:02.250", "lastModified": "2018-03-07T15:09:10.087", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IPv6 function in Huawei Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00 has an out-of-bounds read vulnerability. An unauthenticated attacker may send crafted malformed IPv6 packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause device to reset." }, { "lang": "es", "value": "La funci\u00f3n IPv6 en Huawei Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00 y V200R009C00 tiene una vulnerabilidad de lectura fuera de l\u00edmites. Un atacante no autenticado podr\u00eda enviar paquetes mal formados IPv6 manipulados a los productos afectados. Dada la verificaci\u00f3n insuficiente de los paquetes, una explotaci\u00f3n exitosa podr\u00eda hacer que el dispositivo se reinicie." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8 }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-125" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:quidway_s2700_firmware:v200r003c00spc300:*:*:*:*:*:*:*", "matchCriteriaId": "B08E7609-C571-4153-AF1F-120B2DE2E7FA" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:huawei:quidway_s2700:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC5853F5-8FEB-4B7E-9303-4BB25BE292F6" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:quidway_s5300_firmware:v200r003c00spc300:*:*:*:*:*:*:*", "matchCriteriaId": "4D3FED39-7AA4-4F95-804E-906CEBFED132" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:huawei:quidway_s5300:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C872196-628D-42A2-AC58-69CD8784CE5D" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:quidway_s5700_firmware:v200r003c00spc300:*:*:*:*:*:*:*", "matchCriteriaId": "C4323CCE-DD88-4955-8D80-30D7A6733C92" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:huawei:quidway_s5700:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E83E3A8-C28D-437E-AC09-153B8A2FD14E" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s2300_firmware:v200r003c00:*:*:*:*:*:*:*", "matchCriteriaId": "1C6CC00C-1056-426B-9828-1A886F2C8D41" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s2300_firmware:v200r003c00spc300t:*:*:*:*:*:*:*", "matchCriteriaId": "2309FEA1-08EF-4D7C-A696-A9A38E6AEDDD" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s2300_firmware:v200r005c00:*:*:*:*:*:*:*", "matchCriteriaId": "F1C82DA6-8D95-45D2-B54C-CFE1AA9CC1F1" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s2300_firmware:v200r006c00:*:*:*:*:*:*:*", "matchCriteriaId": "1F982369-1A22-4F39-90AD-ABB824845774" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s2300_firmware:v200r007c00:*:*:*:*:*:*:*", "matchCriteriaId": "79FA2FDA-DB2D-47D9-8017-0E5D4EC8D620" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s2300_firmware:v200r008c00:*:*:*:*:*:*:*", "matchCriteriaId": "A40EFA43-E71F-464D-829C-8D4C60A57765" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s2300_firmware:v200r009c00:*:*:*:*:*:*:*", "matchCriteriaId": "C946DD64-C69E-4806-850C-D956D96CDE08" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:huawei:s2300:-:*:*:*:*:*:*:*", "matchCriteriaId": "17566603-275F-4E6B-B5D9-4A716EEC03DC" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s2700_firmware:v200r005c00:*:*:*:*:*:*:*", "matchCriteriaId": "AED7DFC5-846F-4F90-91A8-13E9E805C9CF" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s2700_firmware:v200r006c00:*:*:*:*:*:*:*", "matchCriteriaId": "193FCE7A-C793-446B-9C39-20597FA7BC70" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s2700_firmware:v200r007c00:*:*:*:*:*:*:*", "matchCriteriaId": "E364889D-CDEE-4D8C-82E5-6D5BC3DD768A" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s2700_firmware:v200r008c00:*:*:*:*:*:*:*", "matchCriteriaId": "FB8FC67E-DFD3-482E-B7D6-17464885B8DC" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s2700_firmware:v200r009c00:*:*:*:*:*:*:*", "matchCriteriaId": "B6F69BC3-E6C0-4E70-AC13-D79D840579DB" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:huawei:s2700:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD2CD071-58E4-4061-8217-990453213470" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s5300_firmware:v200r003c00:*:*:*:*:*:*:*", "matchCriteriaId": "FD601FFF-E623-4ADC-B286-D11B8004D7CF" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s5300_firmware:v200r003c00spc300t:*:*:*:*:*:*:*", "matchCriteriaId": "6BED3B4C-4656-4676-97BE-EE5012F73FE8" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s5300_firmware:v200r003c00spc600:*:*:*:*:*:*:*", "matchCriteriaId": "922D09A3-AC4E-4CAE-8737-5E3A8EB4F269" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s5300_firmware:v200r003c02:*:*:*:*:*:*:*", "matchCriteriaId": "2D5A6744-9B7F-4FF4-BE1B-AB6E6249ECE3" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s5300_firmware:v200r005c00:*:*:*:*:*:*:*", "matchCriteriaId": "5EAEF900-7C8C-4569-B74B-A802F951CC47" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s5300_firmware:v200r005c01:*:*:*:*:*:*:*", "matchCriteriaId": "EB2B09C5-81F1-48B4-940D-6DFD06200139" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s5300_firmware:v200r005c02:*:*:*:*:*:*:*", "matchCriteriaId": "EDC356D3-F015-46A0-8F7A-1C594F19535B" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s5300_firmware:v200r005c03:*:*:*:*:*:*:*", "matchCriteriaId": "4676DD73-3F04-4327-842A-1FCB6CB7650D" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s5300_firmware:v200r005c05:*:*:*:*:*:*:*", "matchCriteriaId": "54E6A13C-2E5B-4130-BD37-5521852AFEB9" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s5300_firmware:v200r006c00:*:*:*:*:*:*:*", "matchCriteriaId": "58C2E728-E8F2-461D-A069-4BEC88B94FD0" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s5300_firmware:v200r007c00:*:*:*:*:*:*:*", "matchCriteriaId": "FD6B13D4-07F3-4CB5-8194-89781E685A78" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s5300_firmware:v200r008c00:*:*:*:*:*:*:*", "matchCriteriaId": "5454BC21-A04F-4B3D-8533-2414B6E1BC8C" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s5300_firmware:v200r009c00:*:*:*:*:*:*:*", "matchCriteriaId": "7F31814D-5879-4FB9-BDAE-01CFC75D9AF4" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:huawei:s5300:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CFEF08E-54C5-4D60-AFF0-37B00D6E2DDD" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r003c00:*:*:*:*:*:*:*", "matchCriteriaId": "4907FBB8-5157-460D-9240-DD7D610C0FCC" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r003c00spc316t:*:*:*:*:*:*:*", "matchCriteriaId": "17B32A0A-E35B-438E-A666-54700EF2ED69" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r003c00spc600:*:*:*:*:*:*:*", "matchCriteriaId": "7D6F9128-F253-4EAC-84B1-93DC8F40C3F7" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r003c02:*:*:*:*:*:*:*", "matchCriteriaId": "2898D6C5-77AB-4C1F-8134-B2DBD13EDB81" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r005c00:*:*:*:*:*:*:*", "matchCriteriaId": "DCF23DAE-1215-41B2-88C5-4436D846266C" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r005c01:*:*:*:*:*:*:*", "matchCriteriaId": "F64CA8E2-AF04-42B3-8E26-2EF379703B1F" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r005c02:*:*:*:*:*:*:*", "matchCriteriaId": "CB33B908-085C-43C6-B8B7-25BBF3614C9E" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r005c03:*:*:*:*:*:*:*", "matchCriteriaId": "5B18ABC1-A970-472A-A8BF-934D1180930E" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r006c00:*:*:*:*:*:*:*", "matchCriteriaId": "5973A534-F961-4A97-B20E-994BA28AFE29" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r007c00:*:*:*:*:*:*:*", "matchCriteriaId": "40745A01-E5AC-4207-A34F-D8E7F7231F83" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r008c00:*:*:*:*:*:*:*", "matchCriteriaId": "21FFF548-FBEF-468A-A8DE-1DB1B7C0B3AF" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r009c00:*:*:*:*:*:*:*", "matchCriteriaId": "48B5A9B7-A931-4806-8AC7-302C6CA49CF1" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:huawei:s5700:-:*:*:*:*:*:*:*", "matchCriteriaId": "E22D3CFF-3353-4EE2-8933-84F395469D0D" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s600-e_firmware:v200r008c00:*:*:*:*:*:*:*", "matchCriteriaId": "299234CD-AD78-4C53-8B7E-C0B22681ADB2" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s600-e_firmware:v200r009c00:*:*:*:*:*:*:*", "matchCriteriaId": "F40ADCF0-4FE9-492E-B34A-69BEF6DEAFE5" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:huawei:s600-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E02D610-AB78-476B-9049-FDB66D9E9907" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s6300_firmware:v200r003c00:*:*:*:*:*:*:*", "matchCriteriaId": "5C330A14-C941-4B28-AA9C-B78A96A9011D" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s6300_firmware:v200r005c00:*:*:*:*:*:*:*", "matchCriteriaId": "C6818ECD-730B-40D6-9108-B8540CC4BF1E" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s6300_firmware:v200r007c00:*:*:*:*:*:*:*", "matchCriteriaId": "D5811970-FE82-4888-A01D-B356B5578296" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s6300_firmware:v200r008c00:*:*:*:*:*:*:*", "matchCriteriaId": "939C73D9-E0E9-47A5-970E-6C84F5ECD2D7" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s6300_firmware:v200r009c00:*:*:*:*:*:*:*", "matchCriteriaId": "B39BBA0F-8EB9-40BA-B8DF-5C735F2216A3" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:huawei:s6300:-:*:*:*:*:*:*:*", "matchCriteriaId": "AA3C8988-A1FC-4B04-9134-F2BDDADEAFB5" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s6700_firmware:v200r003c00:*:*:*:*:*:*:*", "matchCriteriaId": "749B68B9-9F62-4E7A-AC86-F4073BA32E18" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s6700_firmware:v200r005c00:*:*:*:*:*:*:*", "matchCriteriaId": "F18D9776-5CE7-4DD3-9119-7FB08A35B955" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s6700_firmware:v200r005c01:*:*:*:*:*:*:*", "matchCriteriaId": "F4979AA8-0D8E-4F37-A7DC-709BE4821D51" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s6700_firmware:v200r005c02:*:*:*:*:*:*:*", "matchCriteriaId": "898AC16A-8F4E-4709-A3B4-DE74FFB91130" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s6700_firmware:v200r007c00:*:*:*:*:*:*:*", "matchCriteriaId": "FF4AF711-D921-4261-A459-2A0780EA951F" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s6700_firmware:v200r008c00:*:*:*:*:*:*:*", "matchCriteriaId": "8DA5CF67-A58B-4666-B87E-712507233453" }, { "vulnerable": true, "criteria": "cpe:2.3:o:huawei:s6700_firmware:v200r009c00:*:*:*:*:*:*:*", "matchCriteriaId": "A9EA93B5-01A5-4506-9B0A-993621E6940E" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:huawei:s6700:-:*:*:*:*:*:*:*", "matchCriteriaId": "DA7AC10D-B0DD-4206-8642-134DDD585C06" } ] } ] } ], "references": [ { "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-ipv6-en", "source": "psirt@huawei.com", "tags": [ "Vendor Advisory" ] } ] }