CNVD-2017-00516

Vulnerability from cnvd - Published: 2017-01-17
VLAI Severity ?
Title
多款Huawei产品拒绝服务漏洞(CNVD-2017-00516)
Description
华为SoftCo等都是中国华为(Huawei)公司的系列交换机产品。eSpace是华为公司的通信解决方案。 多款Huawei产品拒绝服务漏洞,具有特定权限的攻击者可以构造包含恶意内容的文件上传到设备,当设备解析该文档时会导致内存耗尽,进而产生DoS攻击。
Severity
Patch Name
多款Huawei产品拒绝服务漏洞(CNVD-2017-00516)的补丁
Patch Description
华为SoftCo等都是中国华为(Huawei)公司的系列交换机产品。eSpace是华为公司的通信解决方案。 多款Huawei产品拒绝服务漏洞,具有特定权限的攻击者可以构造包含恶意内容的文件上传到设备,当设备解析该文档时会导致内存耗尽,进而产生DoS攻击。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

用户可参考如下供应商提供的安全公告获得补丁信息: http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170111-01-parser-cn

Reference
http://www.securityfocus.com/bid/95382 http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170111-01-parser-cn
Impacted products
Name
['Huawei SoftCo V200R003C20', 'Huawei eSpace U1910 V200R003C00', 'Huawei eSpace U1910 V200R003C20', 'Huawei eSpace U1910 V200R003C30', 'Huawei eSpace U1911 V200R003C20', 'Huawei eSpace U1911 V200R003C30', 'Huawei eSpace U1930 V200R003C20', 'Huawei eSpace U1930 V200R003C30', 'Huawei eSpace U1960 V200R003C20', 'Huawei eSpace U1960 V200R003C30', 'Huawei eSpace U1980 V200R003C20', 'Huawei eSpace U1980 V200R003C30', 'Huawei eSpace U1981 V200R003C30', 'Huawei eSpace U1981 V200R003C20']
Show details on source website
To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "95382"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2690"
    }
  },
  "description": "\u534e\u4e3aSoftCo\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u7cfb\u5217\u4ea4\u6362\u673a\u4ea7\u54c1\u3002eSpace\u662f\u534e\u4e3a\u516c\u53f8\u7684\u901a\u4fe1\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\n\u591a\u6b3eHuawei\u4ea7\u54c1\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u5177\u6709\u7279\u5b9a\u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u6784\u9020\u5305\u542b\u6076\u610f\u5185\u5bb9\u7684\u6587\u4ef6\u4e0a\u4f20\u5230\u8bbe\u5907\uff0c\u5f53\u8bbe\u5907\u89e3\u6790\u8be5\u6587\u6863\u65f6\u4f1a\u5bfc\u81f4\u5185\u5b58\u8017\u5c3d\uff0c\u8fdb\u800c\u4ea7\u751fDoS\u653b\u51fb\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170111-01-parser-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-00516",
  "openTime": "2017-01-17",
  "patchDescription": "\u534e\u4e3aSoftCo\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u7cfb\u5217\u4ea4\u6362\u673a\u4ea7\u54c1\u3002eSpace\u662f\u534e\u4e3a\u516c\u53f8\u7684\u901a\u4fe1\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\n\u591a\u6b3eHuawei\u4ea7\u54c1\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u5177\u6709\u7279\u5b9a\u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u6784\u9020\u5305\u542b\u6076\u610f\u5185\u5bb9\u7684\u6587\u4ef6\u4e0a\u4f20\u5230\u8bbe\u5907\uff0c\u5f53\u8bbe\u5907\u89e3\u6790\u8be5\u6587\u6863\u65f6\u4f1a\u5bfc\u81f4\u5185\u5b58\u8017\u5c3d\uff0c\u8fdb\u800c\u4ea7\u751fDoS\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eHuawei\u4ea7\u54c1\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-00516\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei SoftCo V200R003C20",
      "Huawei eSpace U1910 V200R003C00",
      "Huawei eSpace U1910  V200R003C20",
      "Huawei eSpace U1910  V200R003C30",
      "Huawei eSpace U1911 V200R003C20",
      "Huawei eSpace U1911  V200R003C30",
      "Huawei eSpace U1930 V200R003C20",
      "Huawei eSpace U1930  V200R003C30",
      "Huawei eSpace U1960 V200R003C20",
      "Huawei eSpace U1960  V200R003C30",
      "Huawei eSpace U1980 V200R003C20",
      "Huawei eSpace U1980  V200R003C30",
      "Huawei eSpace U1981 V200R003C30",
      "Huawei eSpace U1981  V200R003C20"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/95382\r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170111-01-parser-cn",
  "serverity": "\u4e2d",
  "submitTime": "2017-01-13",
  "title": "\u591a\u6b3eHuawei\u4ea7\u54c1\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-00516\uff09"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.