cnvd-2018-00234
Vulnerability from cnvd

Title: 多款华为产品H323协议输入校验漏洞

Description:

Huawei AR120-S等都是中国华为(Huawei)公司的路由器产品。

多款华为产品H323协议存在输入校验漏洞,由于报文检验不足,未经过认证的攻击者可以利用这个漏洞,发送特殊的H323报文造成DOS攻击。

Severity:

Patch Name: 多款华为产品H323协议输入校验漏洞的补丁

Patch Description:

Huawei AR120-S等都是中国华为(Huawei)公司的路由器产品。

多款华为产品H323协议存在输入校验漏洞,由于报文检验不足,未经过认证的攻击者可以利用这个漏洞,发送特殊的H323报文造成DOS攻击。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。

Formal description:

用户可联系供应商获得补丁信息: http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171206-01-h323-cn

Reference: http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171206-01-h323-cn

Impacted products
Name
['Huawei AR3200 V200R007C00', 'Huawei DP300 V500R002C00', 'Huawei TE60 V500R002C00', 'Huawei TP3206 V100R002C00', 'Huawei TP3106 V100R002C00', 'Huawei TE30 V100R001C10', 'Huawei TE40 V600R006C00', 'Huawei AR120-S V200R006C10', 'Huawei AR120-S V200R007C00', 'Huawei AR120-S V200R008C20', 'Huawei AR120-S V200R008C30', 'Huawei AR1200 V200R006C10', 'Huawei AR1200 V200R007C00', 'Huawei AR1200 V200R007C01', 'Huawei AR1200 V200R008C20', 'Huawei AR1200 V200R008C30', 'Huawei AR1200-S V200R006C10', 'Huawei AR1200-S V200R007C00', 'Huawei AR1200-S V200R008C20', 'Huawei AR1200-S V200R008C30', 'Huawei AR150 V200R007C00', 'Huawei AR150-S V200R006C10', 'Huawei AR150-S V200R007C00', 'Huawei AR150-S V200R008C20', 'Huawei AR150-S V200R008C30', 'Huawei AR160 V200R007C00', 'Huawei AR200 V200R008C20', 'Huawei AR200-S V200R006C10', 'Huawei AR200-S V200R007C00', 'Huawei AR200-S V200R008C20', 'Huawei AR200-S V200R008C30', 'Huawei AR2200 V200R007C00', 'Huawei AR510 V200R006C10', 'Huawei NetEngine16EX V200R006C10', 'Huawei SRG1300 V200R006C10', 'Huawei SRG2300 V200R006C10', 'Huawei SRG3300 V200R006C10', 'Huawei AR2200-S V200R006C10', 'Huawei AR2200-S V200R007C00', 'Huawei AR2200-S V200R008C20', 'Huawei AR2200-S V200R008C30', 'Huawei RP200 V500R002C00SPC200', 'Huawei TE50 V500R002C00SPC600', 'Huawei AR1200-S V200R005C32', 'Huawei AR200-S V200R005C32', 'Huawei AR2200-S V200R005C20', 'Huawei AR2200-S V200R005C32', 'Huawei ViewPoint 9030 V100R011C03SPC100', 'Huawei AR100 V200R008C20SPC700', 'Huawei AR100 V200R008C20SPC700PWE', 'Huawei AR100 V200R008C20SPC800', 'Huawei AR100 V200R008C20SPC800PWE', 'Huawei AR100 V200R008C30', 'Huawei AR100-S V200R007C00SPCa00', 'Huawei AR100-S V200R007C00SPCb00', 'Huawei AR100-S V200R008C20', 'Huawei AR100-S V200R008C20SPC700', 'Huawei AR100-S V200R008C20SPC800', 'Huawei AR100-S V200R008C20SPC800PWE', 'Huawei AR100-S V200R008C30', 'Huawei AR110-S V200R007C00SPC600', 'Huawei AR110-S V200R007C00SPC900', 'Huawei AR110-S V200R007C00SPCb00', 'Huawei AR110-S V200R008C20SPC800', 'Huawei AR110-S V200R008C30', 'Huawei AR120 V200R006C10SPC300', 'Huawei AR120 V200R006C10SPC300PWE', 'Huawei AR120 V200R007C00PWE', 'Huawei AR120 V200R007C00SPC100', 'Huawei AR120 V200R007C00SPC200', 'Huawei AR120 V200R007C00SPC600', 'Huawei AR120 V200R007C00SPC600PWE', 'Huawei AR120 V200R007C00SPC900', 'Huawei AR120 V200R007C00SPC900PWE', 'Huawei AR120 V200R007C00SPCb00', 'Huawei AR120 V200R007C00SPCb00PWE', 'Huawei AR120 V200R008C20SPC700', 'Huawei AR120 V200R008C20SPC800']
Show details on source website

To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-17151"
    }
  },
  "description": "Huawei AR120-S\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3e\u534e\u4e3a\u4ea7\u54c1H323\u534f\u8bae\u5b58\u5728\u8f93\u5165\u6821\u9a8c\u6f0f\u6d1e\uff0c\u7531\u4e8e\u62a5\u6587\u68c0\u9a8c\u4e0d\u8db3\uff0c\u672a\u7ecf\u8fc7\u8ba4\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\uff0c\u53d1\u9001\u7279\u6b8a\u7684H323\u62a5\u6587\u9020\u6210DOS\u653b\u51fb\u3002",
  "discovererName": "\u534e\u4e3a",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171206-01-h323-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-00234",
  "openTime": "2018-01-04",
  "patchDescription": "Huawei AR120-S\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3e\u534e\u4e3a\u4ea7\u54c1H323\u534f\u8bae\u5b58\u5728\u8f93\u5165\u6821\u9a8c\u6f0f\u6d1e\uff0c\u7531\u4e8e\u62a5\u6587\u68c0\u9a8c\u4e0d\u8db3\uff0c\u672a\u7ecf\u8fc7\u8ba4\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\uff0c\u53d1\u9001\u7279\u6b8a\u7684H323\u62a5\u6587\u9020\u6210DOS\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3e\u534e\u4e3a\u4ea7\u54c1H323\u534f\u8bae\u8f93\u5165\u6821\u9a8c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei AR3200 V200R007C00",
      "Huawei DP300 V500R002C00",
      "Huawei TE60 V500R002C00",
      "Huawei TP3206 V100R002C00",
      "Huawei TP3106 V100R002C00",
      "Huawei TE30 V100R001C10",
      "Huawei TE40 V600R006C00",
      "Huawei AR120-S V200R006C10",
      "Huawei AR120-S V200R007C00",
      "Huawei AR120-S V200R008C20",
      "Huawei AR120-S V200R008C30",
      "Huawei AR1200 V200R006C10",
      "Huawei AR1200 V200R007C00",
      "Huawei AR1200 V200R007C01",
      "Huawei AR1200 V200R008C20",
      "Huawei AR1200 V200R008C30",
      "Huawei AR1200-S V200R006C10",
      "Huawei AR1200-S V200R007C00",
      "Huawei AR1200-S V200R008C20",
      "Huawei AR1200-S V200R008C30",
      "Huawei AR150 V200R007C00",
      "Huawei AR150-S V200R006C10",
      "Huawei AR150-S V200R007C00",
      "Huawei AR150-S V200R008C20",
      "Huawei AR150-S V200R008C30",
      "Huawei AR160 V200R007C00",
      "Huawei AR200 V200R008C20",
      "Huawei AR200-S V200R006C10",
      "Huawei AR200-S V200R007C00",
      "Huawei AR200-S V200R008C20",
      "Huawei AR200-S V200R008C30",
      "Huawei AR2200 V200R007C00",
      "Huawei AR510 V200R006C10",
      "Huawei NetEngine16EX V200R006C10",
      "Huawei SRG1300 V200R006C10",
      "Huawei SRG2300 V200R006C10",
      "Huawei SRG3300 V200R006C10",
      "Huawei AR2200-S V200R006C10",
      "Huawei AR2200-S V200R007C00",
      "Huawei AR2200-S V200R008C20",
      "Huawei AR2200-S V200R008C30",
      "Huawei RP200 V500R002C00SPC200",
      "Huawei TE50 V500R002C00SPC600",
      "Huawei AR1200-S V200R005C32",
      "Huawei AR200-S V200R005C32",
      "Huawei AR2200-S V200R005C20",
      "Huawei AR2200-S V200R005C32",
      "Huawei ViewPoint 9030 V100R011C03SPC100",
      "Huawei AR100 V200R008C20SPC700",
      "Huawei AR100 V200R008C20SPC700PWE",
      "Huawei AR100 V200R008C20SPC800",
      "Huawei AR100 V200R008C20SPC800PWE",
      "Huawei AR100 V200R008C30",
      "Huawei AR100-S V200R007C00SPCa00",
      "Huawei AR100-S V200R007C00SPCb00",
      "Huawei AR100-S V200R008C20",
      "Huawei AR100-S V200R008C20SPC700",
      "Huawei AR100-S V200R008C20SPC800",
      "Huawei AR100-S V200R008C20SPC800PWE",
      "Huawei AR100-S V200R008C30",
      "Huawei AR110-S V200R007C00SPC600",
      "Huawei AR110-S V200R007C00SPC900",
      "Huawei AR110-S V200R007C00SPCb00",
      "Huawei AR110-S V200R008C20SPC800",
      "Huawei AR110-S V200R008C30",
      "Huawei AR120 V200R006C10SPC300",
      "Huawei AR120 V200R006C10SPC300PWE",
      "Huawei AR120 V200R007C00PWE",
      "Huawei AR120 V200R007C00SPC100",
      "Huawei AR120 V200R007C00SPC200",
      "Huawei AR120 V200R007C00SPC600",
      "Huawei AR120 V200R007C00SPC600PWE",
      "Huawei AR120 V200R007C00SPC900",
      "Huawei AR120 V200R007C00SPC900PWE",
      "Huawei AR120 V200R007C00SPCb00",
      "Huawei AR120 V200R007C00SPCb00PWE",
      "Huawei AR120 V200R008C20SPC700",
      "Huawei AR120 V200R008C20SPC800"
    ]
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171206-01-h323-cn",
  "serverity": "\u4e2d",
  "submitTime": "2017-12-07",
  "title": "\u591a\u6b3e\u534e\u4e3a\u4ea7\u54c1H323\u534f\u8bae\u8f93\u5165\u6821\u9a8c\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.