CVE-2017-17311

Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Due to improper handling of the malformed messages, an attacker may sent crafted packets to the affected device to exploit these vulnerabilities. Successful exploit the vulnerability could lead to device deny of service.

CVSS v3 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180813-01-Bleichenbacher-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:usg2205bsr_firmware:v300r001c10spc600:*:*:*:*:*:*:*

cpe:2.3:h:huawei:usg2205bsr:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:huawei:usg2220bsr_firmware:v300r001c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:usg2220bsr:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:huawei:usg5120bsr_firmware:v300r001c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:usg5120bsr:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:huawei:usg5150bsr_firmware:v300r001c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:usg5150bsr:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-08-21 13:29

Updated : 2023-12-10 12:44

NVD link : CVE-2017-17311

Mitre link : CVE-2017-17311

CVE.ORG link : CVE-2017-17311

JSON object : View

Products Affected

huawei

usg2220bsr
usg2205bsr_firmware
usg5120bsr
usg5120bsr_firmware
usg5150bsr
usg5150bsr_firmware
usg2220bsr_firmware
usg2205bsr

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2017-17311", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-08-21T13:29:00.373", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180813-01-Bleichenbacher-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Due to improper handling of the malformed messages, an attacker may sent crafted packets to the affected device to exploit these vulnerabilities. Successful exploit the vulnerability could lead to device deny of service."}, {"lang": "es", "value": "Algunos productos Firewall de Huawei, en sus modelos USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR y V300R001C00 tienen una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en las implementaciones IPSEC IKEv1.de productos Firewall de Huawei. Debido a un manejo incorrecto de los mensajes mal formados, un atacante podr\u00eda enviar paquetes manipulados al dispositivo afectado para explotar estas vulnerabilidades. Su explotaci\u00f3n con \u00e9xito podr\u00eda conducir a una denegaci\u00f3n de servicio del dispositivo."}], "lastModified": "2018-10-12T17:01:11.900", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:usg2205bsr_firmware:v300r001c10spc600:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6C9DEE4-F23B-4F54-9868-EDF5AC95D333"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:usg2205bsr:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D9D90A5F-E41D-4CFD-86D2-FB208031CBAB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:usg2220bsr_firmware:v300r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B8F1406-67A4-4A46-8248-1712E85FE1D9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:usg2220bsr:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3E4257B6-A1C0-4585-93EF-63081534C5E5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:usg5120bsr_firmware:v300r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54B9E222-40C0-408C-A669-8CF99836FE62"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:usg5120bsr:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9C515743-EA4D-41A6-B295-90EBA5553AD6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:usg5150bsr_firmware:v300r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56E5A858-16C9-4085-BE5A-78A680D2F4D5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:usg5150bsr:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3F058EF4-A6D4-4931-B571-332E0C1B052D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}