github - ghsa-qg78-79j4-jwpv

GHSA-QG78-79J4-JWPV

Vulnerability from github – Published: 2022-05-14 03:43 – Updated: 2022-05-14 03:43

Details

Huawei AR100, AR100-S, AR110-S, AR120, AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR510, DP300, NetEngine16EX, RP200, SRG1300, SRG2300, SRG3300, TE30, TE40, TE50, TE60, TP3106, TP3206, ViewPoint 8660, and ViewPoint 9030 have an insufficient validation vulnerability. Since packet validation is insufficient, an unauthenticated attacker may send special H323 packets to exploit the vulnerability. Successful exploit could allow the attacker to send malicious packets and result in DOS attacks.

Severity ?

5.9 (Medium)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-17151"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-15T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Huawei AR100, AR100-S, AR110-S, AR120, AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR510, DP300, NetEngine16EX, RP200, SRG1300, SRG2300, SRG3300, TE30, TE40, TE50, TE60, TP3106, TP3206, ViewPoint 8660, and ViewPoint 9030 have an insufficient validation vulnerability. Since packet validation is insufficient, an unauthenticated attacker may send special H323 packets to exploit the vulnerability. Successful exploit could allow the attacker to send malicious packets and result in DOS attacks.",
  "id": "GHSA-qg78-79j4-jwpv",
  "modified": "2022-05-14T03:43:40Z",
  "published": "2022-05-14T03:43:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17151"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-h323-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2017-17151 (GCVE-0-2017-17151)

Vulnerability from cvelistv5 – Published: 2018-02-15 16:00 – Updated: 2024-08-05 20:43

Summary

Severity ?

No CVSS data available.

CWE

Input Validation?

Assigner

huawei

References

URL

Tags

http://www.huawei.com/en/psirt/security-advisorie…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Huawei Technologies Co., Ltd.	AR100,AR100-S,AR110-S,AR120,AR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR510,DP300,NetEngine16EX,RP200,SRG1300,SRG2300,SRG3300,TE30,TE40,TE50,TE60,TP3106,TP3206,ViewPoint 8660,ViewPoint 9030	Affected: AR100 V200R008C20SPC700, V200R008C20SPC700PWE, V200R008C20SPC800, V200R008C20SPC800PWE, V200R008C30, AR100-S V200R007C00SPCa00, V200R007C00SPCb00, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C20SPC800PWE, V200R008C30, AR110-S V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R008C20SPC800, V200R008C30, AR120 V200R006C10, V200R006C10SPC300, V200R006C10SPC300PWE, V200R007C00, V200R007C00PWE, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC600PWE, V200R007C00SPC900, V200R007C00SPC900PWE, V200R007C00SPCb00, V200R007C00SPCb00PWE, V200R007C01, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, AR120-S V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, AR1200 V200R006C10, V200R006C10PWE, V200R006C10SPC030, V200R006C10SPC300, V200R006C10SPC300PWE, V200R006C10SPC600, V200R ...[truncated*]

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:43:59.850Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-h323-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AR100,AR100-S,AR110-S,AR120,AR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR510,DP300,NetEngine16EX,RP200,SRG1300,SRG2300,SRG3300,TE30,TE40,TE50,TE60,TP3106,TP3206,ViewPoint 8660,ViewPoint 9030",
          "vendor": "Huawei Technologies Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AR100 V200R008C20SPC700, V200R008C20SPC700PWE, V200R008C20SPC800, V200R008C20SPC800PWE, V200R008C30, AR100-S V200R007C00SPCa00, V200R007C00SPCb00, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C20SPC800PWE, V200R008C30, AR110-S V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R008C20SPC800, V200R008C30, AR120 V200R006C10, V200R006C10SPC300, V200R006C10SPC300PWE, V200R007C00, V200R007C00PWE, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC600PWE, V200R007C00SPC900, V200R007C00SPC900PWE, V200R007C00SPCb00, V200R007C00SPCb00PWE, V200R007C01, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, AR120-S V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, AR1200 V200R006C10, V200R006C10PWE, V200R006C10SPC030, V200R006C10SPC300, V200R006C10SPC300PWE, V200R006C10SPC600, V200R ...[truncated*]"
            }
          ]
        }
      ],
      "datePublic": "2017-12-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Huawei AR100, AR100-S, AR110-S, AR120, AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR510, DP300, NetEngine16EX, RP200, SRG1300, SRG2300, SRG3300, TE30, TE40, TE50, TE60, TP3106, TP3206, ViewPoint 8660, and ViewPoint 9030 have an insufficient validation vulnerability. Since packet validation is insufficient, an unauthenticated attacker may send special H323 packets to exploit the vulnerability. Successful exploit could allow the attacker to send malicious packets and result in DOS attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Input Validation?",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-15T15:57:02",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-h323-en"
        }
      ],
      "x_ConverterErrors": {
        "version_name": {
          "error": "version_name too long. Use array of versions to record more than one version.",
          "message": "Truncated!"
        }
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2017-17151",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "AR100,AR100-S,AR110-S,AR120,AR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR510,DP300,NetEngine16EX,RP200,SRG1300,SRG2300,SRG3300,TE30,TE40,TE50,TE60,TP3106,TP3206,ViewPoint 8660,ViewPoint 9030",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "AR100 V200R008C20SPC700, V200R008C20SPC700PWE, V200R008C20SPC800, V200R008C20SPC800PWE, V200R008C30, AR100-S V200R007C00SPCa00, V200R007C00SPCb00, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C20SPC800PWE, V200R008C30, AR110-S V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R008C20SPC800, V200R008C30, AR120 V200R006C10, V200R006C10SPC300, V200R006C10SPC300PWE, V200R007C00, V200R007C00PWE, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC600PWE, V200R007C00SPC900, V200R007C00SPC900PWE, V200R007C00SPCb00, V200R007C00SPCb00PWE, V200R007C01, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, AR120-S V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, AR1200 V200R006C10, V200R006C10PWE, V200R006C10SPC030, V200R006C10SPC300, V200R006C10SPC300PWE, V200R006C10SPC600, V200R006C13, V200R007C00, V200R007C00PWE, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC600PWE, V200R007C00SPC900, V200R007C00SPC900PWE, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCb00PWE, V200R007C01, V200R007C02, V200R008C20, V200R008C20SPC600, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, AR1200-S V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C20SPC800PWE, V200R008C30, AR150 V200R006C10, V200R006C10PWE, V200R006C10SPC300, V200R006C10SPC300PWE, V200R007C00, V200R007C00PWE, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC600PWE, V200R007C00SPC900, V200R007C00SPC900PWE, V200R007C00SPCb00, V200R007C00SPCb00PWE, V200R007C01, V200R007C02, V200R007C02PWE, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, AR160 V200R006C10, V200R006C10PWE, V200R006C10SPC100, V200R006C10SPC200, V200R006C10SPC300, V200R006C10SPC300PWE, V200R006C10SPC600, V200R006C12, V200R007C00, V200R007C00PWE, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC500, V200R007C00SPC600, V200R007C00SPC600PWE, V200R007C00SPC900, V200R007C00SPC900PWE, V200R007C00SPCb00, V200R007C00SPCb00PWE, V200R007C01, V200R007C02, V200R008C20, V200R008C20SPC500T, V200R008C20SPC501T, V200R008C20SPC600, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, V200R008C30SPC100, AR200 V200R006C10, V200R006C10PWE, V200R006C10SPC100, V200R006C10SPC300, V200R006C10SPC300PWE, V200R007C00, V200R007C00PWE, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC600PWE, V200R007C00SPC900, V200R007C00SPC900PWE, V200R007C00SPCb00, V200R007C00SPCb00PWE, V200R007C01, V200R008C20, V200R008C20SPC600, V200R008C20SPC700, V200R008C20SPC800, V200R008C20SPC900, V200R008C20SPC900PWE, V200R008C30, AR200-S V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, AR2200 V200R006C10, V200R006C10PWE, V200R006C10SPC300, V200R006C10SPC300PWE, V200R006C10SPC600, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C00PWE, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC500, V200R007C00SPC600, V200R007C00SPC600PWE, V200R007C00SPC900, V200R007C00SPC900PWE, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCb00PWE, V200R007C01, V200R007C02, V200R008C20, V200R008C20SPC600, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, AR2200-S V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C20SPC800PWE, V200R008C30, AR3200 V200R006C10, V200R006C10PWE, V200R006C10SPC100, V200R006C10SPC200, V200R006C10SPC300, V200R006C10SPC300PWE, V200R006C10SPC600, V200R006C11, V200R007C00, V200R007C00PWE, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC500, V200R007C00SPC510T, V200R007C00SPC600, V200R007C00SPC600PWE, V200R007C00SPC900, V200R007C00SPC900PWE, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCb00PWE, V200R007C00SPCc00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C20B560, V200R008C20B570, V200R008C20B580, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, V200R008C30B010, V200R008C30B020, V200R008C30B030, V200R008C30B050, V200R008C30B060, V200R008C30B070, V200R008C30B080, V200R008C30SPC067T, AR510 V200R006C10, V200R006C10PWE, V200R006C10SPC200, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R008C20, V200R008C30, DP300 V500R002C00, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, NetEngine16EX V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R008C20, V200R008C20SPC700, V200R008C20SPC800, V200R008C30, RP200 V500R002C00SPC200, SRG1300 V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R006C10SPC300, V200R007C00, V200R007C00SPC100, V200R007C00SPC200, V200R007C00SPC600, V200R007C00SPC900, V200R007C00SPCb00, V200R008C20, V200R008C30, TE30 V100R001C02SPC100, V100R001C02SPC200, V100R001C10, V100R001C10SPC100, V100R001C10SPC300, V100R001C10SPC600, V100R001C10SPC800, V500R002C00SPC200, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, TE40 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE50 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, TE60 V100R001C01SPC100, V100R001C10, V100R001C10B010, V100R001C10SPC300, V100R001C10SPC400, V100R001C10SPC502T, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800, V100R001C10SPC900, V500R002C00, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V600R006C00, TP3106 V100R001C06B020, V100R002C00, V100R002C00B026, V100R002C00B027, V100R002C00B028, V100R002C00B029, V100R002C00SPC100B022, V100R002C00SPC100B022SP01, V100R002C00SPC100B023, V100R002C00SPC100B024, V100R002C00SPC100B025, V100R002C00SPC101T, V100R002C00SPC200, V100R002C00SPC400, V100R002C00SPC600, V100R002C00T, TP3206 V100R002C00, V100R002C00SPC200, V100R002C00SPC400, V100R002C00SPC600, ViewPoint 8660 V100R008C03B013SP02, V100R008C03B013SP03, V100R008C03B013SP04, V100R008C03SPC100, V100R008C03SPC100B010, V100R008C03SPC100B011, V100R008C03SPC200, V100R008C03SPC200T, V100R008C03SPC300, V100R008C03SPC400, V100R008C03SPC500, V100R008C03SPC600, V100R008C03SPC600T, V100R008C03SPC700, V100R008C03SPC800, V100R008C03SPC900, V100R008C03SPCa00, V100R008C03SPCb00, V100R008C03SPCc00, ViewPoint 9030 V100R011C02SPC100, V100R011C02SPC100B010, V100R011C03B012SP15, V100R011C03B012SP16, V100R011C03B015SP03, V100R011C03LGWL01SPC100, V100R011C03LGWL01SPC100B012, V100R011C03SPC100, V100R011C03SPC100B010, V100R011C03SPC100B011, V100R011C03SPC100B012, V100R011C03SPC200, V100R011C03SPC300, V100R011C03SPC400, V100R011C03SPC500, ,"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Huawei Technologies Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Huawei AR100, AR100-S, AR110-S, AR120, AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR510, DP300, NetEngine16EX, RP200, SRG1300, SRG2300, SRG3300, TE30, TE40, TE50, TE60, TP3106, TP3206, ViewPoint 8660, and ViewPoint 9030 have an insufficient validation vulnerability. Since packet validation is insufficient, an unauthenticated attacker may send special H323 packets to exploit the vulnerability. Successful exploit could allow the attacker to send malicious packets and result in DOS attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Input Validation?"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-h323-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-h323-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2017-17151",
    "datePublished": "2018-02-15T16:00:00",
    "dateReserved": "2017-12-04T00:00:00",
    "dateUpdated": "2024-08-05T20:43:59.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-QG78-79J4-JWPV

CVE-2017-17151 (GCVE-0-2017-17151)

Tags

Sightings

Nomenclature