CVE-2017-17304 Information

Description

The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal.

Affected Huawei Products are:

DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00

RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500

TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500

TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500

TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500

TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500

eSpace U1981 version V200R003C20SPC900

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Reference

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

6.5

Base Severity

MEDIUM
