cnvd - cnvd-2017-00516

cnvd-2017-00516

Vulnerability from cnvd

Title: 多款Huawei产品拒绝服务漏洞（CNVD-2017-00516）

Description:

华为SoftCo等都是中国华为（Huawei）公司的系列交换机产品。eSpace是华为公司的通信解决方案。

多款Huawei产品拒绝服务漏洞，具有特定权限的攻击者可以构造包含恶意内容的文件上传到设备，当设备解析该文档时会导致内存耗尽，进而产生DoS攻击。

Severity: 中

Patch Name: 多款Huawei产品拒绝服务漏洞（CNVD-2017-00516）的补丁

Patch Description:

华为SoftCo等都是中国华为（Huawei）公司的系列交换机产品。eSpace是华为公司的通信解决方案。

多款Huawei产品拒绝服务漏洞，具有特定权限的攻击者可以构造包含恶意内容的文件上传到设备，当设备解析该文档时会导致内存耗尽，进而产生DoS攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下供应商提供的安全公告获得补丁信息： http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170111-01-parser-cn

Reference: http://www.securityfocus.com/bid/95382 http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170111-01-parser-cn

Impacted products

Name
['Huawei SoftCo V200R003C20', 'Huawei eSpace U1910 V200R003C00', 'Huawei eSpace U1910 V200R003C20', 'Huawei eSpace U1910 V200R003C30', 'Huawei eSpace U1911 V200R003C20', 'Huawei eSpace U1911 V200R003C30', 'Huawei eSpace U1930 V200R003C20', 'Huawei eSpace U1930 V200R003C30', 'Huawei eSpace U1960 V200R003C20', 'Huawei eSpace U1960 V200R003C30', 'Huawei eSpace U1980 V200R003C20', 'Huawei eSpace U1980 V200R003C30', 'Huawei eSpace U1981 V200R003C30', 'Huawei eSpace U1981 V200R003C20']

Name

['Huawei SoftCo V200R003C20', 'Huawei eSpace U1910 V200R003C00', 'Huawei eSpace U1910 V200R003C20', 'Huawei eSpace U1910 V200R003C30', 'Huawei eSpace U1911 V200R003C20', 'Huawei eSpace U1911 V200R003C30', 'Huawei eSpace U1930 V200R003C20', 'Huawei eSpace U1930 V200R003C30', 'Huawei eSpace U1960 V200R003C20', 'Huawei eSpace U1960 V200R003C30', 'Huawei eSpace U1980 V200R003C20', 'Huawei eSpace U1980 V200R003C30', 'Huawei eSpace U1981 V200R003C30', 'Huawei eSpace U1981 V200R003C20']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "95382"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2690"
    }
  },
  "description": "\u534e\u4e3aSoftCo\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u7cfb\u5217\u4ea4\u6362\u673a\u4ea7\u54c1\u3002eSpace\u662f\u534e\u4e3a\u516c\u53f8\u7684\u901a\u4fe1\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\n\u591a\u6b3eHuawei\u4ea7\u54c1\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u5177\u6709\u7279\u5b9a\u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u6784\u9020\u5305\u542b\u6076\u610f\u5185\u5bb9\u7684\u6587\u4ef6\u4e0a\u4f20\u5230\u8bbe\u5907\uff0c\u5f53\u8bbe\u5907\u89e3\u6790\u8be5\u6587\u6863\u65f6\u4f1a\u5bfc\u81f4\u5185\u5b58\u8017\u5c3d\uff0c\u8fdb\u800c\u4ea7\u751fDoS\u653b\u51fb\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170111-01-parser-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-00516",
  "openTime": "2017-01-17",
  "patchDescription": "\u534e\u4e3aSoftCo\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u7cfb\u5217\u4ea4\u6362\u673a\u4ea7\u54c1\u3002eSpace\u662f\u534e\u4e3a\u516c\u53f8\u7684\u901a\u4fe1\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\n\u591a\u6b3eHuawei\u4ea7\u54c1\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u5177\u6709\u7279\u5b9a\u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u6784\u9020\u5305\u542b\u6076\u610f\u5185\u5bb9\u7684\u6587\u4ef6\u4e0a\u4f20\u5230\u8bbe\u5907\uff0c\u5f53\u8bbe\u5907\u89e3\u6790\u8be5\u6587\u6863\u65f6\u4f1a\u5bfc\u81f4\u5185\u5b58\u8017\u5c3d\uff0c\u8fdb\u800c\u4ea7\u751fDoS\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eHuawei\u4ea7\u54c1\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-00516\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei SoftCo V200R003C20",
      "Huawei eSpace U1910 V200R003C00",
      "Huawei eSpace U1910  V200R003C20",
      "Huawei eSpace U1910  V200R003C30",
      "Huawei eSpace U1911 V200R003C20",
      "Huawei eSpace U1911  V200R003C30",
      "Huawei eSpace U1930 V200R003C20",
      "Huawei eSpace U1930  V200R003C30",
      "Huawei eSpace U1960 V200R003C20",
      "Huawei eSpace U1960  V200R003C30",
      "Huawei eSpace U1980 V200R003C20",
      "Huawei eSpace U1980  V200R003C30",
      "Huawei eSpace U1981 V200R003C30",
      "Huawei eSpace U1981  V200R003C20"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/95382\r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170111-01-parser-cn",
  "serverity": "\u4e2d",
  "submitTime": "2017-01-13",
  "title": "\u591a\u6b3eHuawei\u4ea7\u54c1\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-00516\uff09"
}

CVE-2017-2690 (GCVE-0-2017-2690)

Vulnerability from cvelistv5

Published

2017-11-22 19:00

Modified

2024-09-16 17:59

Severity ?

CWE

Summary

SoftCo with software V200R003C20,eSpace U1910 with software V200R003C00, V200R003C20 and V200R003C30,eSpace U1911 with software V200R003C20, V200R003C30,eSpace U1930 with software V200R003C20 and V200R003C30,eSpace U1960 with software V200R003C20, V200R003C30,eSpace U1980 with software V200R003C20, V200R003C30,eSpace U1981 with software V200R003C20 and V200R003C30 have an denial of service (DoS) vulnerability, which allow an attacker with specific permission to craft a file containing malicious data and upload it to the device to exhaust memory, causing a DoS condition.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/95382	vdb-entry, x_refsource_BID
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170111-01-parser-en	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Huawei Technologies Co., Ltd.	SoftCo,eSpace U1910,eSpace U1911,eSpace U1930,eSpace U1960,eSpace U1980,eSpace U1981	Version: SoftCo V200R003C20,eSpace U1910 V200R003C00,eSpace U1910 V200R003C20,eSpace U1910 V200R003C30,eSpace U1911 V200R003C20,eSpace U1911 V200R003C30,eSpace U1930 V200R003C20,eSpace U1930 V200R003C30,eSpace U1960 V200R003C20,eSpace U1960 V200R003C30,eSpace U1980 V200R003C20,eSpace U1980 V200R003C30,eSpace U1981 V200R003C20,eSpace U1981 V200R003C30,

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:02:07.242Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "95382",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95382"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170111-01-parser-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SoftCo,eSpace U1910,eSpace U1911,eSpace U1930,eSpace U1960,eSpace U1980,eSpace U1981",
          "vendor": "Huawei Technologies Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "SoftCo V200R003C20,eSpace U1910 V200R003C00,eSpace U1910 V200R003C20,eSpace U1910 V200R003C30,eSpace U1911 V200R003C20,eSpace U1911 V200R003C30,eSpace U1930 V200R003C20,eSpace U1930 V200R003C30,eSpace U1960 V200R003C20,eSpace U1960 V200R003C30,eSpace U1980 V200R003C20,eSpace U1980 V200R003C30,eSpace U1981 V200R003C20,eSpace U1981 V200R003C30,"
            }
          ]
        }
      ],
      "datePublic": "2017-11-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SoftCo with software V200R003C20,eSpace U1910 with software V200R003C00, V200R003C20 and V200R003C30,eSpace U1911 with software V200R003C20, V200R003C30,eSpace U1930 with software V200R003C20 and V200R003C30,eSpace U1960 with software V200R003C20, V200R003C30,eSpace U1980 with software V200R003C20, V200R003C30,eSpace U1981 with software V200R003C20 and V200R003C30 have an denial of service (DoS) vulnerability, which allow an attacker with specific permission to craft a file containing malicious data and upload it to the device to exhaust memory, causing a DoS condition."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "DoS",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-23T10:57:01",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "name": "95382",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95382"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170111-01-parser-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "DATE_PUBLIC": "2017-11-15T00:00:00",
          "ID": "CVE-2017-2690",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SoftCo,eSpace U1910,eSpace U1911,eSpace U1930,eSpace U1960,eSpace U1980,eSpace U1981",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SoftCo V200R003C20,eSpace U1910 V200R003C00,eSpace U1910 V200R003C20,eSpace U1910 V200R003C30,eSpace U1911 V200R003C20,eSpace U1911 V200R003C30,eSpace U1930 V200R003C20,eSpace U1930 V200R003C30,eSpace U1960 V200R003C20,eSpace U1960 V200R003C30,eSpace U1980 V200R003C20,eSpace U1980 V200R003C30,eSpace U1981 V200R003C20,eSpace U1981 V200R003C30,"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Huawei Technologies Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SoftCo with software V200R003C20,eSpace U1910 with software V200R003C00, V200R003C20 and V200R003C30,eSpace U1911 with software V200R003C20, V200R003C30,eSpace U1930 with software V200R003C20 and V200R003C30,eSpace U1960 with software V200R003C20, V200R003C30,eSpace U1980 with software V200R003C20, V200R003C30,eSpace U1981 with software V200R003C20 and V200R003C30 have an denial of service (DoS) vulnerability, which allow an attacker with specific permission to craft a file containing malicious data and upload it to the device to exhaust memory, causing a DoS condition."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "DoS"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "95382",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95382"
            },
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170111-01-parser-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170111-01-parser-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2017-2690",
    "datePublished": "2017-11-22T19:00:00Z",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-09-16T17:59:42.224Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted