6.5

CVE-2017-17170

The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. Affected Huawei Products are: DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00; RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; eSpace U1981 version V200R003C20SPC900.

Data is provided by the National Vulnerability Database (NVD)
HuaweiDp300 Firmware Versionv500r002c00
   HuaweiDp300 Version-
HuaweiDp300 Firmware Versionv500r002c00b010
   HuaweiDp300 Version-
HuaweiDp300 Firmware Versionv500r002c00b011
   HuaweiDp300 Version-
HuaweiDp300 Firmware Versionv500r002c00b012
   HuaweiDp300 Version-
HuaweiDp300 Firmware Versionv500r002c00b013
   HuaweiDp300 Version-
HuaweiDp300 Firmware Versionv500r002c00b014
   HuaweiDp300 Version-
HuaweiDp300 Firmware Versionv500r002c00b017
   HuaweiDp300 Version-
HuaweiDp300 Firmware Versionv500r002c00b018
   HuaweiDp300 Version-
HuaweiDp300 Firmware Versionv500r002c00spc100
   HuaweiDp300 Version-
HuaweiDp300 Firmware Versionv500r002c00spc200
   HuaweiDp300 Version-
HuaweiDp300 Firmware Versionv500r002c00spc300
   HuaweiDp300 Version-
HuaweiDp300 Firmware Versionv500r002c00spc400
   HuaweiDp300 Version-
HuaweiDp300 Firmware Versionv500r002c00spc500
   HuaweiDp300 Version-
HuaweiDp300 Firmware Versionv500r002c00spc600
   HuaweiDp300 Version-
HuaweiDp300 Firmware Versionv500r002c00spc800
   HuaweiDp300 Version-
HuaweiDp300 Firmware Versionv500r002c00spc900
   HuaweiDp300 Version-
HuaweiDp300 Firmware Versionv500r002c00spca00
   HuaweiDp300 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.2% 0.395
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.5 1.2 5.2
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
nvd@nist.gov 5.5 8 4.9
AV:N/AC:L/Au:S/C:N/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.