var-201803-1322
Vulnerability from variot
Huawei DP300 V500R002C00 have an integer overflow vulnerability due to the lack of validation. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks. Huawei DP300 Contains an integer overflow vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300 is a video conferencing terminal of China's Huawei company. The HuaweiDP300XML parser has an integer overflow vulnerability, which is due to the XML parser not fully verifying the received content. Multiple Huawei Products are prone to multiple local integer-overflow vulnerabilities. An attacker can exploit this issue to cause a denial-of-service condition; denying service to legitimate users. Due to the nature of this issue, code execution may be possible but this has not been confirmed
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1322",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dp300",
"scope": "eq",
"trust": 1.4,
"vendor": "huawei",
"version": "v500r002c00"
},
{
"model": "dp300",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v500r002c00"
},
{
"model": "dp300 v500r002c00",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "dp300 v500r002c00spcb00",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38451"
},
{
"db": "BID",
"id": "103411"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012872"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-326"
},
{
"db": "NVD",
"id": "CVE-2017-17147"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:dp300_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012872"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "103411"
}
],
"trust": 0.3
},
"cve": "CVE-2017-17147",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-17147",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.1,
"id": "CNVD-2017-38451",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-108140",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2017-17147",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-17147",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-17147",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-38451",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-326",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-108140",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38451"
},
{
"db": "VULHUB",
"id": "VHN-108140"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012872"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-326"
},
{
"db": "NVD",
"id": "CVE-2017-17147"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei DP300 V500R002C00 have an integer overflow vulnerability due to the lack of validation. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks. Huawei DP300 Contains an integer overflow vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300 is a video conferencing terminal of China\u0027s Huawei company. The HuaweiDP300XML parser has an integer overflow vulnerability, which is due to the XML parser not fully verifying the received content. Multiple Huawei Products are prone to multiple local integer-overflow vulnerabilities. \nAn attacker can exploit this issue to cause a denial-of-service condition; denying service to legitimate users. Due to the nature of this issue, code execution may be possible but this has not been confirmed",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012872"
},
{
"db": "CNVD",
"id": "CNVD-2017-38451"
},
{
"db": "BID",
"id": "103411"
},
{
"db": "VULHUB",
"id": "VHN-108140"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17147",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012872",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-326",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-38451",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "39157",
"trust": 0.6
},
{
"db": "BID",
"id": "103411",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-108140",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38451"
},
{
"db": "VULHUB",
"id": "VHN-108140"
},
{
"db": "BID",
"id": "103411"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012872"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-326"
},
{
"db": "NVD",
"id": "CVE-2017-17147"
}
]
},
"id": "VAR-201803-1322",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38451"
},
{
"db": "VULHUB",
"id": "VHN-108140"
}
],
"trust": 1.6734042
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38451"
}
]
},
"last_update_date": "2024-11-23T23:12:14.040000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20171215-01-xml ",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-xml-en"
},
{
"title": "HuaweiDP300XML parser integer overflow vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/112079"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38451"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012872"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108140"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012872"
},
{
"db": "NVD",
"id": "CVE-2017-17147"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-xml-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17147"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17147"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171215-01-xml-cn"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/39157"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38451"
},
{
"db": "VULHUB",
"id": "VHN-108140"
},
{
"db": "BID",
"id": "103411"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012872"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-326"
},
{
"db": "NVD",
"id": "CVE-2017-17147"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-38451"
},
{
"db": "VULHUB",
"id": "VHN-108140"
},
{
"db": "BID",
"id": "103411"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012872"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-326"
},
{
"db": "NVD",
"id": "CVE-2017-17147"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38451"
},
{
"date": "2018-03-09T00:00:00",
"db": "VULHUB",
"id": "VHN-108140"
},
{
"date": "2017-12-15T00:00:00",
"db": "BID",
"id": "103411"
},
{
"date": "2018-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012872"
},
{
"date": "2017-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-326"
},
{
"date": "2018-03-09T17:29:00.437000",
"db": "NVD",
"id": "CVE-2017-17147"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38451"
},
{
"date": "2018-03-29T00:00:00",
"db": "VULHUB",
"id": "VHN-108140"
},
{
"date": "2017-12-15T00:00:00",
"db": "BID",
"id": "103411"
},
{
"date": "2018-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012872"
},
{
"date": "2018-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-326"
},
{
"date": "2024-11-21T03:17:34.890000",
"db": "NVD",
"id": "CVE-2017-17147"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "103411"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-326"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei DP300 Integer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012872"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-326"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…