5.5

CVE-2017-17150

Timergrp module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an DoS vulnerability due to insufficient validation of the parameter. An authenticated local attacker may call a special API with special parameter, which cause an infinite loop. Successful exploit of this vulnerability can allow an attacker to launch DOS attack.

Data is provided by the National Vulnerability Database (NVD)
HuaweiDp300 Firmware Versionv500r002c00
   HuaweiDp300 Version-
HuaweiRp200 Firmware Versionv500r002c00
   HuaweiRp200 Version-
HuaweiRp200 Firmware Versionv600r006c00
   HuaweiRp200 Version-
HuaweiTe30 Firmware Versionv100r001c10
   HuaweiTe30 Version-
HuaweiTe30 Firmware Versionv500r002c00
   HuaweiTe30 Version-
HuaweiTe30 Firmware Versionv600r006c00
   HuaweiTe30 Version-
HuaweiTe40 Firmware Versionv500r002c00
   HuaweiTe40 Version-
HuaweiTe40 Firmware Versionv600r006c00
   HuaweiTe40 Version-
HuaweiTe50 Firmware Versionv500r002c00
   HuaweiTe50 Version-
HuaweiTe50 Firmware Versionv600r006c00
   HuaweiTe50 Version-
HuaweiTe60 Firmware Versionv100r001c10
   HuaweiTe60 Version-
HuaweiTe60 Firmware Versionv500r002c00
   HuaweiTe60 Version-
HuaweiTe60 Firmware Versionv600r006c00
   HuaweiTe60 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.02% 0.031
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.