cnvd - cnvd-2017-21604

cnvd-2017-21604

Vulnerability from cnvd

Title: Huawei SMC2.0拒绝服务漏洞

Description:

Huawei SMC2.0是中国华为（Huawei）公司的一套视讯管理解决方案。该解决方案同时支持H.323和SIP两种主流协议，支持计算机和手机等设备接入。

Huawei SMC2.0中存在拒绝服务漏洞，该漏洞源于程序未能充分的验证接收到的PKI证书。远程攻击者可利用该漏洞造成TLS模块拒绝服务。

Severity: 中

Patch Name: Huawei SMC2.0拒绝服务漏洞的补丁

Patch Description:

Huawei SMC2.0是中国华为（Huawei）公司的一套视讯管理解决方案。该解决方案同时支持H.323和SIP两种主流协议，支持计算机和手机等设备接入。

Huawei SMC2.0中存在拒绝服务漏洞，该漏洞源于程序未能充分的验证接收到的PKI证书。远程攻击者可利用该漏洞造成TLS模块拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

华为已发布版本修复该漏洞。安全预警链接： http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170705-01-tls-cn

Reference: http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170705-01-tls-cn

Impacted products

Name
['Huawei SMC2.0 V100R003C10', 'Huawei SMC2.0 V100R005C00SPC100', 'Huawei SMC2.0 V100R005C00SPC101B001T', 'Huawei SMC2.0 V100R005C00SPC102', 'Huawei SMC2.0 V100R005C00SPC103', 'Huawei SMC2.0 V100R005C00SPC200', 'Huawei SMC2.0 V100R005C00SPC201T', 'Huawei SMC2.0 V500R002C00', 'Huawei SMC2.0 V600R006C00']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-8213"
    }
  },
  "description": "Huawei SMC2.0\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u5957\u89c6\u8baf\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u89e3\u51b3\u65b9\u6848\u540c\u65f6\u652f\u6301H.323\u548cSIP\u4e24\u79cd\u4e3b\u6d41\u534f\u8bae\uff0c\u652f\u6301\u8ba1\u7b97\u673a\u548c\u624b\u673a\u7b49\u8bbe\u5907\u63a5\u5165\u3002\r\n\r\nHuawei SMC2.0\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u9a8c\u8bc1\u63a5\u6536\u5230\u7684PKI\u8bc1\u4e66\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210TLS\u6a21\u5757\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u534e\u4e3a\u5df2\u53d1\u5e03\u7248\u672c\u4fee\u590d\u8be5\u6f0f\u6d1e\u3002\u5b89\u5168\u9884\u8b66\u94fe\u63a5\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170705-01-tls-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-21604",
  "openTime": "2017-08-18",
  "patchDescription": "Huawei SMC2.0\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u5957\u89c6\u8baf\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u89e3\u51b3\u65b9\u6848\u540c\u65f6\u652f\u6301H.323\u548cSIP\u4e24\u79cd\u4e3b\u6d41\u534f\u8bae\uff0c\u652f\u6301\u8ba1\u7b97\u673a\u548c\u624b\u673a\u7b49\u8bbe\u5907\u63a5\u5165\u3002\r\n\r\nHuawei SMC2.0\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u9a8c\u8bc1\u63a5\u6536\u5230\u7684PKI\u8bc1\u4e66\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210TLS\u6a21\u5757\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei SMC2.0\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei SMC2.0 V100R003C10",
      "Huawei SMC2.0 V100R005C00SPC100",
      "Huawei SMC2.0 V100R005C00SPC101B001T",
      "Huawei SMC2.0 V100R005C00SPC102",
      "Huawei SMC2.0 V100R005C00SPC103",
      "Huawei SMC2.0 V100R005C00SPC200",
      "Huawei SMC2.0 V100R005C00SPC201T",
      "Huawei SMC2.0 V500R002C00",
      "Huawei SMC2.0 V600R006C00"
    ]
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170705-01-tls-cn",
  "serverity": "\u4e2d",
  "submitTime": "2017-07-06",
  "title": "Huawei SMC2.0\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2017-8213 (GCVE-0-2017-8213)

Vulnerability from cvelistv5

Published

2017-11-22 19:00

Modified

2024-09-16 17:54

Severity ?

CWE

input validation

Summary

Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00 has an input validation vulnerability when handle TLS and DTLS handshake with certificate. Due to the insufficient validation of received PKI certificates, remote attackers could exploit this vulnerability to crash the TLS module.

References

▼	URL	Tags
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170705-01-tls-en	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Huawei Technologies Co., Ltd.	SMC2.0	Version: V100R003C10,V100R005C00SPC100,V100R005C00SPC101B001T,V100R005C00SPC102,V100R005C00SPC103,V100R005C00SPC200,V100R005C00SPC201T,V500R002C00,V600R006C00,

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:27:23.238Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170705-01-tls-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SMC2.0",
          "vendor": "Huawei Technologies Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "V100R003C10,V100R005C00SPC100,V100R005C00SPC101B001T,V100R005C00SPC102,V100R005C00SPC103,V100R005C00SPC200,V100R005C00SPC201T,V500R002C00,V600R006C00,"
            }
          ]
        }
      ],
      "datePublic": "2017-11-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00 has an input validation vulnerability when handle TLS and DTLS handshake with certificate. Due to the insufficient validation of received PKI certificates, remote attackers could exploit this vulnerability to crash the TLS module."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "input validation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-27T16:57:01",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170705-01-tls-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "DATE_PUBLIC": "2017-11-15T00:00:00",
          "ID": "CVE-2017-8213",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SMC2.0",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V100R003C10,V100R005C00SPC100,V100R005C00SPC101B001T,V100R005C00SPC102,V100R005C00SPC103,V100R005C00SPC200,V100R005C00SPC201T,V500R002C00,V600R006C00,"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Huawei Technologies Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00 has an input validation vulnerability when handle TLS and DTLS handshake with certificate. Due to the insufficient validation of received PKI certificates, remote attackers could exploit this vulnerability to crash the TLS module."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "input validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170705-01-tls-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170705-01-tls-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2017-8213",
    "datePublished": "2017-11-22T19:00:00Z",
    "dateReserved": "2017-04-25T00:00:00",
    "dateUpdated": "2024-09-16T17:54:04.082Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted