var-201803-1039
Vulnerability from variot
Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 have a directory traversal vulnerability. An authenticated, remote attacker can craft specific URL to the affected products. Due to insufficient verification of the URL, successful exploit will upload and download files and cause information leak and system crash. plural Huawei eSpace The product contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huaweie7910, 7950, and 8950 are the 7910, 7950, and 8950 series IP phones from China. The vulnerability was caused by the device failing to adequately verify the URL address. Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to read arbitrary files in the context of the application. This may aid in further attacks. The following products and versions are affected: Huawei eSpace 7910 V200R003C30 version; eSpace 7950 V200R003C30 version; eSpace 8950 V200R003C00 version, V200R003C30 version
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1039",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "espace 7910",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v200r003c30"
},
{
"model": "espace 7950",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v200r003c30"
},
{
"model": "espace 8950",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v200r003c00"
},
{
"model": "espace 8950",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v200r003c30"
},
{
"model": "espace v200r003c30",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "7950"
},
{
"model": "espace v200r003c00",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "8950"
},
{
"model": "espace v200r003c30",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "8950"
},
{
"model": "espace v200r003c30",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "7910"
},
{
"model": "espace v200r003c30spc300",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "8950"
},
{
"model": "espace v200r003c00spcr00",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "8950"
},
{
"model": "espace v200r003c30spc700",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "7950"
},
{
"model": "espace v200r003c30spc700",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "7910"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02551"
},
{
"db": "BID",
"id": "103446"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012797"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-302"
},
{
"db": "NVD",
"id": "CVE-2017-17223"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:huawei:espace_7910",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:huawei:espace_7950",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:huawei:espace_8950",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012797"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "103446"
}
],
"trust": 0.3
},
"cve": "CVE-2017-17223",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2017-17223",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-02551",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-108224",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-17223",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-17223",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-17223",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-02551",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-302",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-108224",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02551"
},
{
"db": "VULHUB",
"id": "VHN-108224"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012797"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-302"
},
{
"db": "NVD",
"id": "CVE-2017-17223"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 have a directory traversal vulnerability. An authenticated, remote attacker can craft specific URL to the affected products. Due to insufficient verification of the URL, successful exploit will upload and download files and cause information leak and system crash. plural Huawei eSpace The product contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huaweie7910, 7950, and 8950 are the 7910, 7950, and 8950 series IP phones from China. The vulnerability was caused by the device failing to adequately verify the URL address. \nRemote attackers can use specially crafted requests with directory-traversal sequences (\u0027../\u0027) to read arbitrary files in the context of the application. This may aid in further attacks. The following products and versions are affected: Huawei eSpace 7910 V200R003C30 version; eSpace 7950 V200R003C30 version; eSpace 8950 V200R003C00 version, V200R003C30 version",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17223"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012797"
},
{
"db": "CNVD",
"id": "CNVD-2018-02551"
},
{
"db": "BID",
"id": "103446"
},
{
"db": "VULHUB",
"id": "VHN-108224"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17223",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012797",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-02551",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-302",
"trust": 0.6
},
{
"db": "BID",
"id": "103446",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-108224",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02551"
},
{
"db": "VULHUB",
"id": "VHN-108224"
},
{
"db": "BID",
"id": "103446"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012797"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-302"
},
{
"db": "NVD",
"id": "CVE-2017-17223"
}
]
},
"id": "VAR-201803-1039",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02551"
},
{
"db": "VULHUB",
"id": "VHN-108224"
}
],
"trust": 1.42
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02551"
}
]
},
"last_update_date": "2024-11-23T22:34:19.538000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20180131-02-espace",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-02-espace-en"
},
{
"title": "HuaweieSpace product catalog traversal vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/115319"
},
{
"title": "Huawei eSpace 7910 , 7950 and 8950 Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79024"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02551"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012797"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-302"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108224"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012797"
},
{
"db": "NVD",
"id": "CVE-2017-17223"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-02-espace-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17223"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17223"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180131-02-espace-cn"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02551"
},
{
"db": "VULHUB",
"id": "VHN-108224"
},
{
"db": "BID",
"id": "103446"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012797"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-302"
},
{
"db": "NVD",
"id": "CVE-2017-17223"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-02551"
},
{
"db": "VULHUB",
"id": "VHN-108224"
},
{
"db": "BID",
"id": "103446"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012797"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-302"
},
{
"db": "NVD",
"id": "CVE-2017-17223"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-02551"
},
{
"date": "2018-03-09T00:00:00",
"db": "VULHUB",
"id": "VHN-108224"
},
{
"date": "2018-01-31T00:00:00",
"db": "BID",
"id": "103446"
},
{
"date": "2018-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012797"
},
{
"date": "2018-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-302"
},
{
"date": "2018-03-09T17:29:01.347000",
"db": "NVD",
"id": "CVE-2017-17223"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-02551"
},
{
"date": "2018-03-26T00:00:00",
"db": "VULHUB",
"id": "VHN-108224"
},
{
"date": "2018-01-31T00:00:00",
"db": "BID",
"id": "103446"
},
{
"date": "2018-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012797"
},
{
"date": "2018-04-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-302"
},
{
"date": "2024-11-21T03:17:41.670000",
"db": "NVD",
"id": "CVE-2017-17223"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-302"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei eSpace Path traversal vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012797"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-302"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…