var-201712-0808
Vulnerability from variot
Huawei S5700 and S6700 with software of V200R005C00 have a DoS vulnerability due to insufficient validation of the Network Quality Analysis (NQA) packets. A remote attacker could exploit this vulnerability by sending malformed NQA packets to the target device. Successful exploitation could make the device restart. HuaweiS12700 is an intelligent routing switch of China Huawei. The following products and versions are affected: Huawei S12700 V200R006C00 Version, V200R007C00 Version, V200R007C01 Version, V200R007C20 Version, V200R008C00 Version, V200R009C00 Version, V200R010C00 Version; S1700 V200R006C10 Version, V200R009C00 Version, V200R010C00 Version; S2700 V200R006C00 Version, V200R006C10 Version, V200R007C00 Version, V200R008C00 Version, V200R009C00 Version, V200R010C00 Version, V200R011C00 Version; S5700 V200R005C00 Version, V200R006C00 Version, V200R007C00 Version, V200R008C00 Version, V200R009C00 Version, V200R010C00 Version, V200R011C00 Version; S6700 V200R005C00 Version, V200R008C00 Version, V200R009C00 Version, V200R010C00 Version; S7700 V200R006C00 Version , version V200R007C00, version V200R008C00, version V200R009C00, version V200R010C00;
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0808", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "s5700", scope: "eq", trust: 2.4, vendor: "huawei", version: "v200r005c00", }, { model: "s6700", scope: "eq", trust: 2.4, vendor: "huawei", version: "v200r005c00", }, { model: "s9700 v200r008c00", scope: null, trust: 1.2, vendor: "huawei", version: null, }, { model: "s5700 v200r005c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s7700 v200r006c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s7700 v200r008c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s9700 v200r006c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s12700 v200r006c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s12700 v200r008c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s5700 v200r006c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s12700 v200r007c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s5700 v200r007c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s7700 v200r007c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s9700 v200r007c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s5700 v200r009c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s6700 v200r005c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s6700 v200r009c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s7700 v200r009c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s12700 v200r009c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s12700 v200r007c01", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s2700 v200r006c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s2700 v200r007c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s2700 v200r008c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s5700 v200r008c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s6700 v200r008c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s12700 v200r007c20", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s12700 v200r010c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s1700 v200r006c10", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s1700 v200r009c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s1700 v200r010c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s2700 v200r006c10", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s2700 v200r009c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s2700 v200r010c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s2700 v200r011c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s5700 v200r010c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s5700 v200r011c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s6700 v200r010c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s7700 v200r010c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s9700 v200r007c01", scope: null, trust: 0.6, vendor: "huawei", version: null, }, { model: "s9700 v200r010c00", scope: null, trust: 0.6, vendor: "huawei", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-37724", }, { db: "JVNDB", id: "JVNDB-2017-011576", }, { db: "NVD", id: "CVE-2017-15324", }, { db: "CNNVD", id: "CNNVD-201712-688", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:huawei:s5700_firmware:v200r005c00:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:huawei:s5700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:huawei:s6700_firmware:v200r005c00:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:huawei:s6700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2017-15324", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Huawei internal tester", sources: [ { db: "CNNVD", id: "CNNVD-201712-688", }, ], trust: 0.6, }, cve: "CVE-2017-15324", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: true, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", exploitabilityScore: 10, impactScore: 6.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 7.8, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2017-15324", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CNVD-2017-37724", impactScore: 6.9, integrityImpact: "NONE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "VHN-106135", impactScore: 6.9, integrityImpact: "NONE", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:N/I:N/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2017-15324", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2017-15324", trust: 1.8, value: "HIGH", }, { author: "CNVD", id: "CNVD-2017-37724", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201712-688", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-106135", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2017-37724", }, { db: "VULHUB", id: "VHN-106135", }, { db: "JVNDB", id: "JVNDB-2017-011576", }, { db: "NVD", id: "CVE-2017-15324", }, { db: "CNNVD", id: "CNNVD-201712-688", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Huawei S5700 and S6700 with software of V200R005C00 have a DoS vulnerability due to insufficient validation of the Network Quality Analysis (NQA) packets. A remote attacker could exploit this vulnerability by sending malformed NQA packets to the target device. Successful exploitation could make the device restart. HuaweiS12700 is an intelligent routing switch of China Huawei. The following products and versions are affected: Huawei S12700 V200R006C00 Version, V200R007C00 Version, V200R007C01 Version, V200R007C20 Version, V200R008C00 Version, V200R009C00 Version, V200R010C00 Version; S1700 V200R006C10 Version, V200R009C00 Version, V200R010C00 Version; S2700 V200R006C00 Version, V200R006C10 Version, V200R007C00 Version, V200R008C00 Version, V200R009C00 Version, V200R010C00 Version, V200R011C00 Version; S5700 V200R005C00 Version, V200R006C00 Version, V200R007C00 Version, V200R008C00 Version, V200R009C00 Version, V200R010C00 Version, V200R011C00 Version; S6700 V200R005C00 Version, V200R008C00 Version, V200R009C00 Version, V200R010C00 Version; S7700 V200R006C00 Version , version V200R007C00, version V200R008C00, version V200R009C00, version V200R010C00;", sources: [ { db: "NVD", id: "CVE-2017-15324", }, { db: "JVNDB", id: "JVNDB-2017-011576", }, { db: "CNVD", id: "CNVD-2017-37724", }, { db: "VULHUB", id: "VHN-106135", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-15324", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2017-011576", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201712-688", trust: 0.7, }, { db: "CNVD", id: "CNVD-2017-37724", trust: 0.6, }, { db: "VULHUB", id: "VHN-106135", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-37724", }, { db: "VULHUB", id: "VHN-106135", }, { db: "JVNDB", id: "JVNDB-2017-011576", }, { db: "NVD", id: "CVE-2017-15324", }, { db: "CNNVD", id: "CNNVD-201712-688", }, ], }, id: "VAR-201712-0808", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2017-37724", }, { db: "VULHUB", id: "VHN-106135", }, ], trust: 1.604162115151515, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-37724", }, ], }, last_update_date: "2023-12-18T13:57:09.897000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "huawei-sa-20171206-01-nqa", trust: 0.8, url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-nqa-en", }, { title: "Patches for several Huawei Product Denial of Service Vulnerabilities (CNVD-2017-37724)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/111253", }, { title: "Multiple Huawei Product security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77226", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-37724", }, { db: "JVNDB", id: "JVNDB-2017-011576", }, { db: "CNNVD", id: "CNNVD-201712-688", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-20", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-106135", }, { db: "JVNDB", id: "JVNDB-2017-011576", }, { db: "NVD", id: "CVE-2017-15324", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-nqa-en", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15324", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2017-15324", }, { trust: 0.6, url: "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171206-01-nqa-cn", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-37724", }, { db: "VULHUB", id: "VHN-106135", }, { db: "JVNDB", id: "JVNDB-2017-011576", }, { db: "NVD", id: "CVE-2017-15324", }, { db: "CNNVD", id: "CNNVD-201712-688", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2017-37724", }, { db: "VULHUB", id: "VHN-106135", }, { db: "JVNDB", id: "JVNDB-2017-011576", }, { db: "NVD", id: "CVE-2017-15324", }, { db: "CNNVD", id: "CNNVD-201712-688", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-12-21T00:00:00", db: "CNVD", id: "CNVD-2017-37724", }, { date: "2017-12-22T00:00:00", db: "VULHUB", id: "VHN-106135", }, { date: "2018-01-22T00:00:00", db: "JVNDB", id: "JVNDB-2017-011576", }, { date: "2017-12-22T17:29:13.470000", db: "NVD", id: "CVE-2017-15324", }, { date: "2017-12-20T00:00:00", db: "CNNVD", id: "CNNVD-201712-688", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-12-21T00:00:00", db: "CNVD", id: "CNVD-2017-37724", }, { date: "2018-01-17T00:00:00", db: "VULHUB", id: "VHN-106135", }, { date: "2018-01-22T00:00:00", db: "JVNDB", id: "JVNDB-2017-011576", }, { date: "2018-01-17T02:29:01.257000", db: "NVD", id: "CVE-2017-15324", }, { date: "2017-12-20T00:00:00", db: "CNNVD", id: "CNNVD-201712-688", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201712-688", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Huawei S5700 and S6700 Input validation vulnerability in other software", sources: [ { db: "JVNDB", id: "JVNDB-2017-011576", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "input validation", sources: [ { db: "CNNVD", id: "CNNVD-201712-688", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
This schema specifies the format of a comment related to a security advisory.
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.