CNVD-2018-07946

Vulnerability from cnvd - Published: 2018-04-19
VLAI Severity ?
Title
Huawei多个产品ENUM模块缓冲区溢出漏洞
Description
DP300、RP200、TE30等都是中国华为(Huawei)公司的网络视频通信设备。 Huawei多个产品ENUM(Electronic Numbers to URI Mapping)模块存在缓冲区溢出漏洞。远程攻击者通过控制对端设备,向受影响设备发送精心构造的ENUM报文,导致缓冲区错误,部分服务异常。
Severity
Patch Name
Huawei多个产品ENUM模块缓冲区溢出漏洞的补丁
Patch Description
DP300、RP200、TE30等都是中国华为(Huawei)公司的网络视频通信设备。 Huawei多个产品ENUM(Electronic Numbers to URI Mapping)模块存在缓冲区溢出漏洞。远程攻击者通过控制对端设备,向受影响设备发送精心构造的ENUM报文,导致缓冲区错误,部分服务异常。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

用户可联系供应商获得补丁信息: http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180418-01-enum-cn

Reference
http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180418-01-enum-cn
Impacted products
Name
['Huawei DP300 V500R002C00', 'Huawei TE60 V100R001C10', 'Huawei TE60 V500R002C00', 'Huawei TE60 V600R006C00', 'Huawei RP200 V600R006C00', 'Huawei TE30 V100R001C10', 'Huawei TE30 V500R002C00', 'Huawei TE30 V600R006C00', 'Huawei TE40 V500R002C00', 'Huawei TE40 V600R006C00', 'Huawei TE50 V500R002C00', 'Huawei TE50 V600R006C00']
Show details on source website
To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-17310"
    }
  },
  "description": "DP300\u3001RP200\u3001TE30\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u7f51\u7edc\u89c6\u9891\u901a\u4fe1\u8bbe\u5907\u3002\r\n\r\nHuawei\u591a\u4e2a\u4ea7\u54c1ENUM\uff08Electronic Numbers to URI Mapping\uff09\u6a21\u5757\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u63a7\u5236\u5bf9\u7aef\u8bbe\u5907\uff0c\u5411\u53d7\u5f71\u54cd\u8bbe\u5907\u53d1\u9001\u7cbe\u5fc3\u6784\u9020\u7684ENUM\u62a5\u6587\uff0c\u5bfc\u81f4\u7f13\u51b2\u533a\u9519\u8bef\uff0c\u90e8\u5206\u670d\u52a1\u5f02\u5e38\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180418-01-enum-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-07946",
  "openTime": "2018-04-19",
  "patchDescription": "DP300\u3001RP200\u3001TE30\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u7f51\u7edc\u89c6\u9891\u901a\u4fe1\u8bbe\u5907\u3002\r\n\r\nHuawei\u591a\u4e2a\u4ea7\u54c1ENUM\uff08Electronic Numbers to URI Mapping\uff09\u6a21\u5757\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u63a7\u5236\u5bf9\u7aef\u8bbe\u5907\uff0c\u5411\u53d7\u5f71\u54cd\u8bbe\u5907\u53d1\u9001\u7cbe\u5fc3\u6784\u9020\u7684ENUM\u62a5\u6587\uff0c\u5bfc\u81f4\u7f13\u51b2\u533a\u9519\u8bef\uff0c\u90e8\u5206\u670d\u52a1\u5f02\u5e38\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei\u591a\u4e2a\u4ea7\u54c1ENUM\u6a21\u5757\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei DP300 V500R002C00",
      "Huawei TE60 V100R001C10",
      "Huawei TE60 V500R002C00",
      "Huawei TE60 V600R006C00",
      "Huawei RP200 V600R006C00",
      "Huawei TE30 V100R001C10",
      "Huawei TE30 V500R002C00",
      "Huawei TE30 V600R006C00",
      "Huawei TE40 V500R002C00",
      "Huawei TE40 V600R006C00",
      "Huawei TE50 V500R002C00",
      "Huawei TE50 V600R006C00"
    ]
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180418-01-enum-cn",
  "serverity": "\u4f4e",
  "submitTime": "2018-04-19",
  "title": "Huawei\u591a\u4e2a\u4ea7\u54c1ENUM\u6a21\u5757\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.