CNVD-2018-00234

Vulnerability from cnvd - Published: 2018-01-04
VLAI Severity ?
Title
多款华为产品H323协议输入校验漏洞
Description
Huawei AR120-S等都是中国华为(Huawei)公司的路由器产品。 多款华为产品H323协议存在输入校验漏洞,由于报文检验不足,未经过认证的攻击者可以利用这个漏洞,发送特殊的H323报文造成DOS攻击。
Severity
Patch Name
多款华为产品H323协议输入校验漏洞的补丁
Patch Description
Huawei AR120-S等都是中国华为(Huawei)公司的路由器产品。 多款华为产品H323协议存在输入校验漏洞,由于报文检验不足,未经过认证的攻击者可以利用这个漏洞,发送特殊的H323报文造成DOS攻击。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

用户可联系供应商获得补丁信息: http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171206-01-h323-cn

Reference
http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171206-01-h323-cn
Impacted products
Name
['Huawei AR3200 V200R007C00', 'Huawei DP300 V500R002C00', 'Huawei TE60 V500R002C00', 'Huawei TP3206 V100R002C00', 'Huawei TP3106 V100R002C00', 'Huawei TE30 V100R001C10', 'Huawei TE40 V600R006C00', 'Huawei AR120-S V200R006C10', 'Huawei AR120-S V200R007C00', 'Huawei AR120-S V200R008C20', 'Huawei AR120-S V200R008C30', 'Huawei AR1200 V200R006C10', 'Huawei AR1200 V200R007C00', 'Huawei AR1200 V200R007C01', 'Huawei AR1200 V200R008C20', 'Huawei AR1200 V200R008C30', 'Huawei AR1200-S V200R006C10', 'Huawei AR1200-S V200R007C00', 'Huawei AR1200-S V200R008C20', 'Huawei AR1200-S V200R008C30', 'Huawei AR150 V200R007C00', 'Huawei AR150-S V200R006C10', 'Huawei AR150-S V200R007C00', 'Huawei AR150-S V200R008C20', 'Huawei AR150-S V200R008C30', 'Huawei AR160 V200R007C00', 'Huawei AR200 V200R008C20', 'Huawei AR200-S V200R006C10', 'Huawei AR200-S V200R007C00', 'Huawei AR200-S V200R008C20', 'Huawei AR200-S V200R008C30', 'Huawei AR2200 V200R007C00', 'Huawei AR510 V200R006C10', 'Huawei NetEngine16EX V200R006C10', 'Huawei SRG1300 V200R006C10', 'Huawei SRG2300 V200R006C10', 'Huawei SRG3300 V200R006C10', 'Huawei AR2200-S V200R006C10', 'Huawei AR2200-S V200R007C00', 'Huawei AR2200-S V200R008C20', 'Huawei AR2200-S V200R008C30', 'Huawei RP200 V500R002C00SPC200', 'Huawei TE50 V500R002C00SPC600', 'Huawei AR1200-S V200R005C32', 'Huawei AR200-S V200R005C32', 'Huawei AR2200-S V200R005C20', 'Huawei AR2200-S V200R005C32', 'Huawei ViewPoint 9030 V100R011C03SPC100', 'Huawei AR100 V200R008C20SPC700', 'Huawei AR100 V200R008C20SPC700PWE', 'Huawei AR100 V200R008C20SPC800', 'Huawei AR100 V200R008C20SPC800PWE', 'Huawei AR100 V200R008C30', 'Huawei AR100-S V200R007C00SPCa00', 'Huawei AR100-S V200R007C00SPCb00', 'Huawei AR100-S V200R008C20', 'Huawei AR100-S V200R008C20SPC700', 'Huawei AR100-S V200R008C20SPC800', 'Huawei AR100-S V200R008C20SPC800PWE', 'Huawei AR100-S V200R008C30', 'Huawei AR110-S V200R007C00SPC600', 'Huawei AR110-S V200R007C00SPC900', 'Huawei AR110-S V200R007C00SPCb00', 'Huawei AR110-S V200R008C20SPC800', 'Huawei AR110-S V200R008C30', 'Huawei AR120 V200R006C10SPC300', 'Huawei AR120 V200R006C10SPC300PWE', 'Huawei AR120 V200R007C00PWE', 'Huawei AR120 V200R007C00SPC100', 'Huawei AR120 V200R007C00SPC200', 'Huawei AR120 V200R007C00SPC600', 'Huawei AR120 V200R007C00SPC600PWE', 'Huawei AR120 V200R007C00SPC900', 'Huawei AR120 V200R007C00SPC900PWE', 'Huawei AR120 V200R007C00SPCb00', 'Huawei AR120 V200R007C00SPCb00PWE', 'Huawei AR120 V200R008C20SPC700', 'Huawei AR120 V200R008C20SPC800']
Show details on source website
To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-17151"
    }
  },
  "description": "Huawei AR120-S\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3e\u534e\u4e3a\u4ea7\u54c1H323\u534f\u8bae\u5b58\u5728\u8f93\u5165\u6821\u9a8c\u6f0f\u6d1e\uff0c\u7531\u4e8e\u62a5\u6587\u68c0\u9a8c\u4e0d\u8db3\uff0c\u672a\u7ecf\u8fc7\u8ba4\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\uff0c\u53d1\u9001\u7279\u6b8a\u7684H323\u62a5\u6587\u9020\u6210DOS\u653b\u51fb\u3002",
  "discovererName": "\u534e\u4e3a",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171206-01-h323-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-00234",
  "openTime": "2018-01-04",
  "patchDescription": "Huawei AR120-S\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3e\u534e\u4e3a\u4ea7\u54c1H323\u534f\u8bae\u5b58\u5728\u8f93\u5165\u6821\u9a8c\u6f0f\u6d1e\uff0c\u7531\u4e8e\u62a5\u6587\u68c0\u9a8c\u4e0d\u8db3\uff0c\u672a\u7ecf\u8fc7\u8ba4\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\uff0c\u53d1\u9001\u7279\u6b8a\u7684H323\u62a5\u6587\u9020\u6210DOS\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3e\u534e\u4e3a\u4ea7\u54c1H323\u534f\u8bae\u8f93\u5165\u6821\u9a8c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei AR3200 V200R007C00",
      "Huawei DP300 V500R002C00",
      "Huawei TE60 V500R002C00",
      "Huawei TP3206 V100R002C00",
      "Huawei TP3106 V100R002C00",
      "Huawei TE30 V100R001C10",
      "Huawei TE40 V600R006C00",
      "Huawei AR120-S V200R006C10",
      "Huawei AR120-S V200R007C00",
      "Huawei AR120-S V200R008C20",
      "Huawei AR120-S V200R008C30",
      "Huawei AR1200 V200R006C10",
      "Huawei AR1200 V200R007C00",
      "Huawei AR1200 V200R007C01",
      "Huawei AR1200 V200R008C20",
      "Huawei AR1200 V200R008C30",
      "Huawei AR1200-S V200R006C10",
      "Huawei AR1200-S V200R007C00",
      "Huawei AR1200-S V200R008C20",
      "Huawei AR1200-S V200R008C30",
      "Huawei AR150 V200R007C00",
      "Huawei AR150-S V200R006C10",
      "Huawei AR150-S V200R007C00",
      "Huawei AR150-S V200R008C20",
      "Huawei AR150-S V200R008C30",
      "Huawei AR160 V200R007C00",
      "Huawei AR200 V200R008C20",
      "Huawei AR200-S V200R006C10",
      "Huawei AR200-S V200R007C00",
      "Huawei AR200-S V200R008C20",
      "Huawei AR200-S V200R008C30",
      "Huawei AR2200 V200R007C00",
      "Huawei AR510 V200R006C10",
      "Huawei NetEngine16EX V200R006C10",
      "Huawei SRG1300 V200R006C10",
      "Huawei SRG2300 V200R006C10",
      "Huawei SRG3300 V200R006C10",
      "Huawei AR2200-S V200R006C10",
      "Huawei AR2200-S V200R007C00",
      "Huawei AR2200-S V200R008C20",
      "Huawei AR2200-S V200R008C30",
      "Huawei RP200 V500R002C00SPC200",
      "Huawei TE50 V500R002C00SPC600",
      "Huawei AR1200-S V200R005C32",
      "Huawei AR200-S V200R005C32",
      "Huawei AR2200-S V200R005C20",
      "Huawei AR2200-S V200R005C32",
      "Huawei ViewPoint 9030 V100R011C03SPC100",
      "Huawei AR100 V200R008C20SPC700",
      "Huawei AR100 V200R008C20SPC700PWE",
      "Huawei AR100 V200R008C20SPC800",
      "Huawei AR100 V200R008C20SPC800PWE",
      "Huawei AR100 V200R008C30",
      "Huawei AR100-S V200R007C00SPCa00",
      "Huawei AR100-S V200R007C00SPCb00",
      "Huawei AR100-S V200R008C20",
      "Huawei AR100-S V200R008C20SPC700",
      "Huawei AR100-S V200R008C20SPC800",
      "Huawei AR100-S V200R008C20SPC800PWE",
      "Huawei AR100-S V200R008C30",
      "Huawei AR110-S V200R007C00SPC600",
      "Huawei AR110-S V200R007C00SPC900",
      "Huawei AR110-S V200R007C00SPCb00",
      "Huawei AR110-S V200R008C20SPC800",
      "Huawei AR110-S V200R008C30",
      "Huawei AR120 V200R006C10SPC300",
      "Huawei AR120 V200R006C10SPC300PWE",
      "Huawei AR120 V200R007C00PWE",
      "Huawei AR120 V200R007C00SPC100",
      "Huawei AR120 V200R007C00SPC200",
      "Huawei AR120 V200R007C00SPC600",
      "Huawei AR120 V200R007C00SPC600PWE",
      "Huawei AR120 V200R007C00SPC900",
      "Huawei AR120 V200R007C00SPC900PWE",
      "Huawei AR120 V200R007C00SPCb00",
      "Huawei AR120 V200R007C00SPCb00PWE",
      "Huawei AR120 V200R008C20SPC700",
      "Huawei AR120 V200R008C20SPC800"
    ]
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171206-01-h323-cn",
  "serverity": "\u4e2d",
  "submitTime": "2017-12-07",
  "title": "\u591a\u6b3e\u534e\u4e3a\u4ea7\u54c1H323\u534f\u8bae\u8f93\u5165\u6821\u9a8c\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.