cnvd-2017-38099
Vulnerability from cnvd
Title: 多款Huawei产品CIDAM协议信息泄露漏洞
Description:
Huawei DP300等都是中国华为(Huawei)公司的产品。DP300是一款视频会议终端。RP200是一款视频会议一体机设备。CIDAM是其中的一个信息传输协议。
多款Huawei产品中的CIDAM协议存在信息泄露漏洞,该漏洞是由于协议在实现时发送的报文信息中包含敏感信息。远程攻击者可通过截取报文利用该漏洞获取发送给目标系统的报文信息,从而获取敏感信息。
Severity: 高
Patch Name: 多款Huawei产品CIDAM协议信息泄露漏洞的补丁
Patch Description:
Huawei DP300等都是中国华为(Huawei)公司的产品。DP300是一款视频会议终端。RP200是一款视频会议一体机设备。CIDAM是其中的一个信息传输协议。
多款Huawei产品中的CIDAM协议存在信息泄露漏洞,该漏洞是由于协议在实现时发送的报文信息中包含敏感信息。远程攻击者可通过截取报文利用该漏洞获取发送给目标系统的报文信息,从而获取敏感信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171220-01-cidam-cn
Reference: http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171220-01-cidam-cn
Impacted products
| Name | ['Huawei DP300 V500R002C00', 'Huawei TE60 V500R002C00', 'Huawei TE60 V600R006C00', 'Huawei TE30 V600R006C00', 'Huawei TE40 V600R006C00', 'Huawei TE50 V600R006C00', 'Huawei TE60 V100R001C10', 'Huawei TE30 V100R001C10SPC300', 'Huawei TE30 V100R001C10SPC500', 'Huawei TE30 V100R001C10SPC600', 'Huawei TE30 V500R002C00SPC200', 'Huawei TE30 V500R002C00SPC500', 'Huawei TE30 V500R002C00SPC600', 'Huawei TE30 V500R002C00SPC700', 'Huawei TE30 V500R002C00SPC900', 'Huawei TE30 V500R002C00SPCb00', 'Huawei TE40 V500R002C00SPC600', 'Huawei TE40 V500R002C00SPC700', 'Huawei TE40 V500R002C00SPC900', 'Huawei TE40 V500R002C00SPCb00', 'Huawei TE50 V500R002C00SPC600', 'Huawei TE50 V500R002C00SPC700', 'Huawei TE50 V500R002C00SPCb00', 'Huawei DP300 V500R002C00B010', 'Huawei DP300 V500R002C00B011', 'Huawei DP300 V500R002C00B012', 'Huawei DP300 V500R002C00B013', 'Huawei DP300 V500R002C00B014', 'Huawei DP300 V500R002C00B017', 'Huawei DP300 V500R002C00B018', 'Huawei DP300 V500R002C00SPC100', 'Huawei DP300 V500R002C00SPC200', 'Huawei DP300 V500R002C00SPC300', 'Huawei DP300 V500R002C00SPC400', 'Huawei DP300 V500R002C00SPC50', 'Huawei DP300 V500R002C00SPC600', 'Huawei DP300 V500R002C00SPC800', 'Huawei DP300 V500R002C00SPC900', 'Huawei DP300 V500R002C00SPCa00', 'Huawei TE30 V600R006C00SPC200', 'Huawei TE30 V100R001C10SPC700B010', 'Huawei TE30 V600R006C00SPC300', 'Huawei TE40 V600R006C00SPC200', 'Huawei TE40 V600R006C00SPC300', 'Huawei TE50 V600R006C00SPC200', 'Huawei TE50 V600R006C00SPC300', 'Huawei TE60 V600R006C00SPC200', 'Huawei TE60 V600R006C00SPC300', 'Huawei TE60 V600R006C00SPC100', 'Huawei TE60 V100R001C10B001', 'Huawei TE60 V100R001C10B002', 'Huawei TE60 V100R001C10B010', 'Huawei TE60 V100R001C10B011', 'Huawei TE60 V100R001C10B012', 'Huawei TE60 V100R001C10B013', 'Huawei TE60 V100R001C10B014', 'Huawei TE60 V100R001C10B016', 'Huawei TE60 V100R001C10B017', 'Huawei TE60 V100R001C10B018', 'Huawei TE60 V100R001C10B019', 'Huawei TE60 V100R001C10SPC400', 'Huawei TE60 V100R001C10SPC500', 'Huawei TE60 V100R001C10SPC600', 'Huawei TE60 V100R001C10SPC700', 'Huawei TE60 V100R001C10SPC800B011', 'Huawei TE60 V100R001C10SPC900', 'Huawei TE60 V500R002C00B010', 'Huawei TE60 V500R002C00B011', 'Huawei TE60 V500R002C00SPC100', 'Huawei TE60 V500R002C00SPC200', 'Huawei TE60 V500R002C00SPC300', 'Huawei TE60 V500R002C00SPC600', 'Huawei TE60 V500R002C00SPC700', 'Huawei TE60 V500R002C00SPC800', 'Huawei TE60 V500R002C00SPC900', 'Huawei TE60 V500R002C00SPCa00', 'Huawei TE60 V500R002C00SPCb00', 'Huawei TE60 V500R002C00SPCd00', 'Huawei TE60 V500R002C00SPCe00'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-17303"
}
},
"description": "Huawei DP300\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002DP300\u662f\u4e00\u6b3e\u89c6\u9891\u4f1a\u8bae\u7ec8\u7aef\u3002RP200\u662f\u4e00\u6b3e\u89c6\u9891\u4f1a\u8bae\u4e00\u4f53\u673a\u8bbe\u5907\u3002CIDAM\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u4fe1\u606f\u4f20\u8f93\u534f\u8bae\u3002\r\n\r\n\u591a\u6b3eHuawei\u4ea7\u54c1\u4e2d\u7684CIDAM\u534f\u8bae\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u534f\u8bae\u5728\u5b9e\u73b0\u65f6\u53d1\u9001\u7684\u62a5\u6587\u4fe1\u606f\u4e2d\u5305\u542b\u654f\u611f\u4fe1\u606f\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u622a\u53d6\u62a5\u6587\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u53d1\u9001\u7ed9\u76ee\u6807\u7cfb\u7edf\u7684\u62a5\u6587\u4fe1\u606f\uff0c\u4ece\u800c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
"discovererName": "Huawei",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171220-01-cidam-cn",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-38099",
"openTime": "2017-12-26",
"patchDescription": "Huawei DP300\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002DP300\u662f\u4e00\u6b3e\u89c6\u9891\u4f1a\u8bae\u7ec8\u7aef\u3002RP200\u662f\u4e00\u6b3e\u89c6\u9891\u4f1a\u8bae\u4e00\u4f53\u673a\u8bbe\u5907\u3002CIDAM\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u4fe1\u606f\u4f20\u8f93\u534f\u8bae\u3002\r\n\r\n\u591a\u6b3eHuawei\u4ea7\u54c1\u4e2d\u7684CIDAM\u534f\u8bae\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u534f\u8bae\u5728\u5b9e\u73b0\u65f6\u53d1\u9001\u7684\u62a5\u6587\u4fe1\u606f\u4e2d\u5305\u542b\u654f\u611f\u4fe1\u606f\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u622a\u53d6\u62a5\u6587\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u53d1\u9001\u7ed9\u76ee\u6807\u7cfb\u7edf\u7684\u62a5\u6587\u4fe1\u606f\uff0c\u4ece\u800c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "\u591a\u6b3eHuawei\u4ea7\u54c1CIDAM\u534f\u8bae\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Huawei DP300 V500R002C00",
"Huawei TE60 V500R002C00",
"Huawei TE60 V600R006C00",
"Huawei TE30 V600R006C00",
"Huawei TE40 V600R006C00",
"Huawei TE50 V600R006C00",
"Huawei TE60 V100R001C10",
"Huawei TE30 V100R001C10SPC300",
"Huawei TE30 V100R001C10SPC500",
"Huawei TE30 V100R001C10SPC600",
"Huawei TE30 V500R002C00SPC200",
"Huawei TE30 V500R002C00SPC500",
"Huawei TE30 V500R002C00SPC600",
"Huawei TE30 V500R002C00SPC700",
"Huawei TE30 V500R002C00SPC900",
"Huawei TE30 V500R002C00SPCb00",
"Huawei TE40 V500R002C00SPC600",
"Huawei TE40 V500R002C00SPC700",
"Huawei TE40 V500R002C00SPC900",
"Huawei TE40 V500R002C00SPCb00",
"Huawei TE50 V500R002C00SPC600",
"Huawei TE50 V500R002C00SPC700",
"Huawei TE50 V500R002C00SPCb00",
"Huawei DP300 V500R002C00B010",
"Huawei DP300 V500R002C00B011",
"Huawei DP300 V500R002C00B012",
"Huawei DP300 V500R002C00B013",
"Huawei DP300 V500R002C00B014",
"Huawei DP300 V500R002C00B017",
"Huawei DP300 V500R002C00B018",
"Huawei DP300 V500R002C00SPC100",
"Huawei DP300 V500R002C00SPC200",
"Huawei DP300 V500R002C00SPC300",
"Huawei DP300 V500R002C00SPC400",
"Huawei DP300 V500R002C00SPC50",
"Huawei DP300 V500R002C00SPC600",
"Huawei DP300 V500R002C00SPC800",
"Huawei DP300 V500R002C00SPC900",
"Huawei DP300 V500R002C00SPCa00",
"Huawei TE30 V600R006C00SPC200",
"Huawei TE30 V100R001C10SPC700B010",
"Huawei TE30 V600R006C00SPC300",
"Huawei TE40 V600R006C00SPC200",
"Huawei TE40 V600R006C00SPC300",
"Huawei TE50 V600R006C00SPC200",
"Huawei TE50 V600R006C00SPC300",
"Huawei TE60 V600R006C00SPC200",
"Huawei TE60 V600R006C00SPC300",
"Huawei TE60 V600R006C00SPC100",
"Huawei TE60 V100R001C10B001",
"Huawei TE60 V100R001C10B002",
"Huawei TE60 V100R001C10B010",
"Huawei TE60 V100R001C10B011",
"Huawei TE60 V100R001C10B012",
"Huawei TE60 V100R001C10B013",
"Huawei TE60 V100R001C10B014",
"Huawei TE60 V100R001C10B016",
"Huawei TE60 V100R001C10B017",
"Huawei TE60 V100R001C10B018",
"Huawei TE60 V100R001C10B019",
"Huawei TE60 V100R001C10SPC400",
"Huawei TE60 V100R001C10SPC500",
"Huawei TE60 V100R001C10SPC600",
"Huawei TE60 V100R001C10SPC700",
"Huawei TE60 V100R001C10SPC800B011",
"Huawei TE60 V100R001C10SPC900",
"Huawei TE60 V500R002C00B010",
"Huawei TE60 V500R002C00B011",
"Huawei TE60 V500R002C00SPC100",
"Huawei TE60 V500R002C00SPC200",
"Huawei TE60 V500R002C00SPC300",
"Huawei TE60 V500R002C00SPC600",
"Huawei TE60 V500R002C00SPC700",
"Huawei TE60 V500R002C00SPC800",
"Huawei TE60 V500R002C00SPC900",
"Huawei TE60 V500R002C00SPCa00",
"Huawei TE60 V500R002C00SPCb00",
"Huawei TE60 V500R002C00SPCd00",
"Huawei TE60 V500R002C00SPCe00"
]
},
"referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171220-01-cidam-cn",
"serverity": "\u9ad8",
"submitTime": "2017-12-21",
"title": "\u591a\u6b3eHuawei\u4ea7\u54c1CIDAM\u534f\u8bae\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…