cnvd - cnvd-2018-02550

cnvd-2018-02550

Vulnerability from cnvd

Title: Huawei eSpace 7950和8950远程代码执行漏洞（CNVD-2018-02550）

Description:

Huawei eSpace 7950和8950都是中国华为（Huawei）公司的7950和8950系列IP话机产品。

Huawei eSpace 7950和8950的导入信号音功能和导入语言包功能存在远程代码执行漏洞，该漏洞是由于程序未能对报文进行充分校验。远程攻击者在上传信号音或语言包后，通过发送含有特殊参数的报文向设备发起攻击，导致任意代码执行。

Severity: 高

Patch Name: Huawei eSpace 7950和8950远程代码执行漏洞（CNVD-2018-02550）的补丁

Patch Description:

Huawei eSpace 7950和8950都是中国华为（Huawei）公司的7950和8950系列IP话机产品。

Huawei eSpace 7950和8950的导入信号音功能和导入语言包功能存在远程代码执行漏洞，该漏洞是由于程序未能对报文进行充分校验。远程攻击者在上传信号音或语言包后，通过发送含有特殊参数的报文向设备发起攻击，导致任意代码执行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-cn

Reference: http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-cn

Impacted products

Name
['Huawei eSpace 7950 V200R003C30', 'Huawei eSpace 8950 V200R003C00', 'Huawei eSpace 8950 V200R003C30']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-17222"
    }
  },
  "description": "Huawei eSpace 7950\u548c8950\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u76847950\u548c8950\u7cfb\u5217IP\u8bdd\u673a\u4ea7\u54c1\u3002\r\n\r\nHuawei eSpace 7950\u548c8950\u7684\u5bfc\u5165\u4fe1\u53f7\u97f3\u529f\u80fd\u548c\u5bfc\u5165\u8bed\u8a00\u5305\u529f\u80fd\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5bf9\u62a5\u6587\u8fdb\u884c\u5145\u5206\u6821\u9a8c\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u5728\u4e0a\u4f20\u4fe1\u53f7\u97f3\u6216\u8bed\u8a00\u5305\u540e\uff0c\u901a\u8fc7\u53d1\u9001\u542b\u6709\u7279\u6b8a\u53c2\u6570\u7684\u62a5\u6587\u5411\u8bbe\u5907\u53d1\u8d77\u653b\u51fb\uff0c\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-02550",
  "openTime": "2018-02-01",
  "patchDescription": "Huawei eSpace 7950\u548c8950\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u76847950\u548c8950\u7cfb\u5217IP\u8bdd\u673a\u4ea7\u54c1\u3002\r\n\r\nHuawei eSpace 7950\u548c8950\u7684\u5bfc\u5165\u4fe1\u53f7\u97f3\u529f\u80fd\u548c\u5bfc\u5165\u8bed\u8a00\u5305\u529f\u80fd\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5bf9\u62a5\u6587\u8fdb\u884c\u5145\u5206\u6821\u9a8c\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u5728\u4e0a\u4f20\u4fe1\u53f7\u97f3\u6216\u8bed\u8a00\u5305\u540e\uff0c\u901a\u8fc7\u53d1\u9001\u542b\u6709\u7279\u6b8a\u53c2\u6570\u7684\u62a5\u6587\u5411\u8bbe\u5907\u53d1\u8d77\u653b\u51fb\uff0c\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei eSpace 7950\u548c8950\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2018-02550\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei eSpace 7950 V200R003C30",
      "Huawei eSpace 8950 V200R003C00",
      "Huawei eSpace 8950 V200R003C30"
    ]
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-cn",
  "serverity": "\u9ad8",
  "submitTime": "2018-02-01",
  "title": "Huawei eSpace 7950\u548c8950\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2018-02550\uff09"
}

CVE-2017-17222 (GCVE-0-2017-17222)

Vulnerability from cvelistv5

Published

2018-03-09 17:00

Modified

2024-08-05 20:43

Severity ?

CWE

remote code execution

Summary

Import Language Package function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after Language Package is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code.

References

▼	URL	Tags
	http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Huawei Technologies Co., Ltd.	eSpace 7950; eSpace 8950	Version: eSpace 7950 V200R003C30 Version: eSpace 8950 V200R003C00 Version: V200R003C30

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:43:59.913Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "eSpace 7950; eSpace 8950",
          "vendor": "Huawei Technologies Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "eSpace 7950 V200R003C30"
            },
            {
              "status": "affected",
              "version": "eSpace 8950 V200R003C00"
            },
            {
              "status": "affected",
              "version": "V200R003C30"
            }
          ]
        }
      ],
      "datePublic": "2018-01-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Import Language Package function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after Language Package is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-09T16:57:01",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2017-17222",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "eSpace 7950; eSpace 8950",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "eSpace 7950 V200R003C30"
                          },
                          {
                            "version_value": "eSpace 8950 V200R003C00"
                          },
                          {
                            "version_value": "V200R003C30"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Huawei Technologies Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Import Language Package function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after Language Package is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2017-17222",
    "datePublished": "2018-03-09T17:00:00",
    "dateReserved": "2017-12-04T00:00:00",
    "dateUpdated": "2024-08-05T20:43:59.913Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted