cnvd - cnvd-2018-05550

CNVD-2018-05550

Vulnerability from cnvd - Published: 2018-03-19

Title

华为多个产品越界写漏洞

Description

Huawei AR120-S等都是中国华为（Huawei）公司的路由器产品。多款Huawei产品中存在安全漏洞，该漏洞源于程序未能正确的验证用户提交的数据。远程攻击者可通过发送异常的OSPF消息利用该漏洞造成拒绝服务（越边界写入和系统崩溃）。

Severity

高

Patch Name

华为多个产品越界写漏洞的补丁

Patch Description

Huawei AR120-S等都是中国华为（Huawei）公司的路由器产品。多款Huawei产品中存在安全漏洞，该漏洞源于程序未能正确的验证用户提交的数据。远程攻击者可通过发送异常的OSPF消息利用该漏洞造成拒绝服务（越边界写入和系统崩溃）。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180214-01-ospf-cn

Reference

http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180214-01-ospf-cn

Impacted products

Name
['Huawei AR3200 V200R007C00', 'Huawei AR3200 V200R005C32', 'Huawei AR1200 V200R005C32', 'Huawei AR1200-S V200R005C32', 'Huawei AR160 V200R005C32', 'Huawei AR200 V200R005C32', 'Huawei AR200-S V200R005C32', 'Huawei AR2200-S V200R005C32', 'Huawei AR510 V200R005C32', 'Huawei SRG1300 V200R005C32', 'Huawei SRG2300 V200R005C32', 'Huawei SRG3300 V200R005C32', 'Huawei AR120-S V200R005C32', 'Huawei AR150 V200R005C32', 'Huawei AR150-S V200R005C32', 'Huawei NetEngine16EX V200R005C32']

Name

['Huawei AR3200 V200R007C00', 'Huawei AR3200 V200R005C32', 'Huawei AR1200 V200R005C32', 'Huawei AR1200-S V200R005C32', 'Huawei AR160 V200R005C32', 'Huawei AR200 V200R005C32', 'Huawei AR200-S V200R005C32', 'Huawei AR2200-S V200R005C32', 'Huawei AR510 V200R005C32', 'Huawei SRG1300 V200R005C32', 'Huawei SRG2300 V200R005C32', 'Huawei SRG3300 V200R005C32', 'Huawei AR120-S V200R005C32', 'Huawei AR150 V200R005C32', 'Huawei AR150-S V200R005C32', 'Huawei NetEngine16EX V200R005C32']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-17250"
    }
  },
  "description": "Huawei AR120-S\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eHuawei\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u9a8c\u8bc1\u7528\u6237\u63d0\u4ea4\u7684\u6570\u636e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u5f02\u5e38\u7684OSPF\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u8d8a\u8fb9\u754c\u5199\u5165\u548c\u7cfb\u7edf\u5d29\u6e83\uff09\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180214-01-ospf-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-05550",
  "openTime": "2018-03-19",
  "patchDescription": "Huawei AR120-S\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eHuawei\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u9a8c\u8bc1\u7528\u6237\u63d0\u4ea4\u7684\u6570\u636e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u5f02\u5e38\u7684OSPF\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u8d8a\u8fb9\u754c\u5199\u5165\u548c\u7cfb\u7edf\u5d29\u6e83\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u534e\u4e3a\u591a\u4e2a\u4ea7\u54c1\u8d8a\u754c\u5199\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei AR3200 V200R007C00",
      "Huawei AR3200 V200R005C32",
      "Huawei AR1200 V200R005C32",
      "Huawei AR1200-S V200R005C32",
      "Huawei AR160 V200R005C32",
      "Huawei AR200 V200R005C32",
      "Huawei AR200-S V200R005C32",
      "Huawei AR2200-S V200R005C32",
      "Huawei AR510 V200R005C32",
      "Huawei SRG1300 V200R005C32",
      "Huawei SRG2300 V200R005C32",
      "Huawei SRG3300 V200R005C32",
      "Huawei AR120-S V200R005C32",
      "Huawei AR150 V200R005C32",
      "Huawei AR150-S V200R005C32",
      "Huawei NetEngine16EX V200R005C32"
    ]
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180214-01-ospf-cn",
  "serverity": "\u9ad8",
  "submitTime": "2018-02-14",
  "title": "\u534e\u4e3a\u591a\u4e2a\u4ea7\u54c1\u8d8a\u754c\u5199\u6f0f\u6d1e"
}

CVE-2017-17250 (GCVE-0-2017-17250)

Vulnerability from cvelistv5 – Published: 2018-03-09 17:00 – Updated: 2024-08-05 20:43

Summary

Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; AR150 V200R005C32; AR150-S V200R005C32; AR160 V200R005C32; AR200 V200R005C32; AR200-S V200R005C32; AR2200-S V200R005C32; AR3200 V200R005C32; V200R007C00; AR510 V200R005C32; NetEngine16EX V200R005C32; SRG1300 V200R005C32; SRG2300 V200R005C32; SRG3300 V200R005C32 have an out-of-bounds write vulnerability. When a user executes a query command after the device received an abnormal OSPF message, the software writes data past the end of the intended buffer due to the insufficient verification of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending abnormal OSPF messages to the device. A successful exploit could cause the system to crash.

Severity ?

No CVSS data available.

CWE

out-of-bounds write

Assigner

huawei

References

URL

Tags

http://www.huawei.com/en/psirt/security-advisorie…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Huawei Technologies Co., Ltd.	AR120-S; AR1200; AR1200-S; AR150; AR150-S; AR160; AR200; AR200-S; AR2200-S; AR3200; AR510; NetEngine16EX; SRG1300; SRG2300; SRG3300	Affected: AR120-S V200R005C32 Affected: AR1200 V200R005C32 Affected: AR1200-S V200R005C32 Affected: AR150 V200R005C32 Affected: AR150-S V200R005C32 Affected: AR160 V200R005C32 Affected: AR200 V200R005C32 Affected: AR200-S V200R005C32 Affected: AR2200-S V200R005C32 Affected: AR3200 V200R005C32 Affected: V200R007C00 Affected: AR510 V200R005C32 Affected: NetEngine16EX V200R005C32 Affected: SRG1300 V200R005C32 Affected: SRG2300 V200R005C32 Affected: SRG3300 V200R005C32

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:43:59.885Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180214-01-ospf-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AR120-S; AR1200; AR1200-S; AR150; AR150-S; AR160; AR200; AR200-S; AR2200-S; AR3200; AR510; NetEngine16EX; SRG1300; SRG2300; SRG3300",
          "vendor": "Huawei Technologies Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AR120-S V200R005C32"
            },
            {
              "status": "affected",
              "version": "AR1200 V200R005C32"
            },
            {
              "status": "affected",
              "version": "AR1200-S V200R005C32"
            },
            {
              "status": "affected",
              "version": "AR150 V200R005C32"
            },
            {
              "status": "affected",
              "version": "AR150-S V200R005C32"
            },
            {
              "status": "affected",
              "version": "AR160 V200R005C32"
            },
            {
              "status": "affected",
              "version": "AR200 V200R005C32"
            },
            {
              "status": "affected",
              "version": "AR200-S V200R005C32"
            },
            {
              "status": "affected",
              "version": "AR2200-S V200R005C32"
            },
            {
              "status": "affected",
              "version": "AR3200 V200R005C32"
            },
            {
              "status": "affected",
              "version": "V200R007C00"
            },
            {
              "status": "affected",
              "version": "AR510 V200R005C32"
            },
            {
              "status": "affected",
              "version": "NetEngine16EX V200R005C32"
            },
            {
              "status": "affected",
              "version": "SRG1300 V200R005C32"
            },
            {
              "status": "affected",
              "version": "SRG2300 V200R005C32"
            },
            {
              "status": "affected",
              "version": "SRG3300 V200R005C32"
            }
          ]
        }
      ],
      "datePublic": "2018-02-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; AR150 V200R005C32; AR150-S V200R005C32; AR160 V200R005C32; AR200 V200R005C32; AR200-S V200R005C32; AR2200-S V200R005C32; AR3200 V200R005C32; V200R007C00; AR510 V200R005C32; NetEngine16EX V200R005C32; SRG1300 V200R005C32; SRG2300 V200R005C32; SRG3300 V200R005C32 have an out-of-bounds write vulnerability. When a user executes a query command after the device received an abnormal OSPF message, the software writes data past the end of the intended buffer due to the insufficient verification of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending abnormal OSPF messages to the device. A successful exploit could cause the system to crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "out-of-bounds write",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-09T16:57:01",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180214-01-ospf-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2017-17250",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "AR120-S; AR1200; AR1200-S; AR150; AR150-S; AR160; AR200; AR200-S; AR2200-S; AR3200; AR510; NetEngine16EX; SRG1300; SRG2300; SRG3300",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "AR120-S V200R005C32"
                          },
                          {
                            "version_value": "AR1200 V200R005C32"
                          },
                          {
                            "version_value": "AR1200-S V200R005C32"
                          },
                          {
                            "version_value": "AR150 V200R005C32"
                          },
                          {
                            "version_value": "AR150-S V200R005C32"
                          },
                          {
                            "version_value": "AR160 V200R005C32"
                          },
                          {
                            "version_value": "AR200 V200R005C32"
                          },
                          {
                            "version_value": "AR200-S V200R005C32"
                          },
                          {
                            "version_value": "AR2200-S V200R005C32"
                          },
                          {
                            "version_value": "AR3200 V200R005C32"
                          },
                          {
                            "version_value": "V200R007C00"
                          },
                          {
                            "version_value": "AR510 V200R005C32"
                          },
                          {
                            "version_value": "NetEngine16EX V200R005C32"
                          },
                          {
                            "version_value": "SRG1300 V200R005C32"
                          },
                          {
                            "version_value": "SRG2300 V200R005C32"
                          },
                          {
                            "version_value": "SRG3300 V200R005C32"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Huawei Technologies Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; AR150 V200R005C32; AR150-S V200R005C32; AR160 V200R005C32; AR200 V200R005C32; AR200-S V200R005C32; AR2200-S V200R005C32; AR3200 V200R005C32; V200R007C00; AR510 V200R005C32; NetEngine16EX V200R005C32; SRG1300 V200R005C32; SRG2300 V200R005C32; SRG3300 V200R005C32 have an out-of-bounds write vulnerability. When a user executes a query command after the device received an abnormal OSPF message, the software writes data past the end of the intended buffer due to the insufficient verification of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending abnormal OSPF messages to the device. A successful exploit could cause the system to crash."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "out-of-bounds write"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180214-01-ospf-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180214-01-ospf-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2017-17250",
    "datePublished": "2018-03-09T17:00:00",
    "dateReserved": "2017-12-04T00:00:00",
    "dateUpdated": "2024-08-05T20:43:59.885Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-05550

CVE-2017-17250 (GCVE-0-2017-17250)

Tags

Sightings

Nomenclature