CVE-2017-17166

{"id": "CVE-2017-17166", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2018-02-15T16:29:02.297", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-02-h323-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, TP3206 V100R002C00, VP9660 V500R002C00, V500R002C10 have a resource exhaustion vulnerability. The software does not process certain field of H.323 message properly, a remote unauthenticated attacker could send crafted H.323 message to the device, successful exploit could cause certain service unavailable since the stack memory is exhausted."}, {"lang": "es", "value": "Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, TP3206 V100R002C00, VP9660 V500R002C00 y V500R002C10 tienen una vulnerabilidad de agotamiento de recursos. El software no procesa ciertos campos de los mensajes H.323 correctamente, por lo que un atacante no autenticado podr\u00eda enviar mensajes H.323 manipulados al dispositivo. Esto provocar\u00eda que ciertos servicios no est\u00e9n disponibles ya que la memoria de la pila est\u00e1 agotada."}], "lastModified": "2018-02-26T15:21:16.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8871106B-D3AF-4CFB-A544-1FA411642428"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7F3483B2-9EB6-4E34-900A-945C04A3160D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C996915-83A1-4EA5-A8E1-F609DA879D2D"}, {"criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11CAA59E-F2A8-4E84-BCC5-CADA8FDA9712"}, {"criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A8AEAB1-6106-47A2-8207-67E557A8BF80"}, {"criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64E335D2-FE4B-4316-8827-4741EC9AA674"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C281B511-7A27-4FC6-9427-AE5AD7C302F3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3189382E-6846-4713-A92F-ABD03683F4A5"}, {"criteria": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3983A57-2F07-4D21-9093-1DFEAB310E26"}, {"criteria": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "627F40B6-8CD1-47EE-8937-F1FAAAB86F0D"}, {"criteria": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2D01ED2-70BC-411A-9BB8-A4EB04C92F4A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0ED6E342-26E7-45DF-AC3F-EFEBAE3DDDF0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E990766D-FBD4-404E-A783-3D2D0BC210F3"}, {"criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A638ACAF-9A6F-4861-8CDB-E43FBC3C9C5B"}, {"criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADB7FBB2-1CC6-4DA3-85AB-66562B0A9198"}, {"criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72CE6722-BA5D-4AAE-9C72-36F06EB4DFF1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BE469876-F873-4705-9760-097AE840A818"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:tp3206_firmware:v100r002c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D28E0627-0B19-4616-933E-76294F83813F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:tp3206:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "45ED506D-5094-476B-83F0-CBBED04EF348"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:vp9660_firmware:v500r002c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A68709FF-9E1C-4174-A925-70A88D4376A3"}, {"criteria": "cpe:2.3:o:huawei:vp9660_firmware:v500r002c10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A58ED692-8BED-4877-9BC9-D41386B660C1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:vp9660:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D1DC498B-F19F-403A-ACFE-F8364A78EC66"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}