CVE-2017-17250

EPSS 0.17%
Published 09.03.2018 17:29:01
Last modified 21.11.2024 03:17:42
Source psirt@huawei.com
Teams watchlist Login
Open Login

Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; AR150 V200R005C32; AR150-S V200R005C32; AR160 V200R005C32; AR200 V200R005C32; AR200-S V200R005C32; AR2200-S V200R005C32; AR3200 V200R005C32; V200R007C00; AR510 V200R005C32; NetEngine16EX V200R005C32; SRG1300 V200R005C32; SRG2300 V200R005C32; SRG3300 V200R005C32 have an out-of-bounds write vulnerability. When a user executes a query command after the device received an abnormal OSPF message, the software writes data past the end of the intended buffer due to the insufficient verification of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending abnormal OSPF messages to the device. A successful exploit could cause the system to crash.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Huawei ≫ Ar120-s Firmware Versionv200r005c32

Huawei ≫ Ar120-s Version-

Huawei ≫ Ar1200 Firmware Versionv200r005c32

Huawei ≫ Ar1200 Version-

Huawei ≫ Ar1200-s Firmware Versionv200r005c32

Huawei ≫ Ar1200-s Version-

Huawei ≫ Ar150 Firmware Versionv200r005c32

Huawei ≫ Ar150 Version-

Huawei ≫ Ar160 Firmware Versionv200r005c32

Huawei ≫ Ar160 Version-

Huawei ≫ Ar200 Firmware Versionv200r005c32

Huawei ≫ Ar200 Version-

Huawei ≫ Ar200-s Firmware Versionv200r005c32

Huawei ≫ Ar200-s Version-

Huawei ≫ Ar150-s Firmware Versionv200r005c32

Huawei ≫ Ar150-s Version-

Huawei ≫ Ar2200-s Firmware Versionv200r005c32

Huawei ≫ Ar2200-s Version-

Huawei ≫ Ar3200 Firmware Versionv200r005c32

Huawei ≫ Ar3200 Version-

Huawei ≫ Ar3200 Firmware Versionv200r007c00

Huawei ≫ Ar3200 Version-

Huawei ≫ Ar510 Firmware Versionv200r005c32

Huawei ≫ Ar510 Version-

Huawei ≫ Netengine16ex Firmware Versionv200r005c32

Huawei ≫ Netengine16ex Version-

Huawei ≫ S12700 Firmware Versionv200r007c00

Huawei ≫ S12700 Version-

Huawei ≫ S12700 Firmware Versionv200r007c01

Huawei ≫ S12700 Version-

Huawei ≫ S12700 Firmware Versionv200r008c00

Huawei ≫ S12700 Version-

Huawei ≫ S2700 Firmware Versionv200r006c10

Huawei ≫ S2700 Version-

Huawei ≫ S2700 Firmware Versionv200r007c00

Huawei ≫ S2700 Version-

Huawei ≫ S2700 Firmware Versionv200r008c00

Huawei ≫ S2700 Version-

Huawei ≫ S5700 Firmware Versionv200r007c00

Huawei ≫ S5700 Version-

Huawei ≫ S5700 Firmware Versionv200r008c00

Huawei ≫ S5700 Version-

Huawei ≫ S6700 Firmware Versionv200r008c00

Huawei ≫ S6700 Version-

Huawei ≫ S7700 Firmware Versionv200r007c00

Huawei ≫ S7700 Version-

Huawei ≫ S7700 Firmware Versionv200r008c00

Huawei ≫ S7700 Version-

Huawei ≫ S9700 Firmware Versionv200r007c00

Huawei ≫ S9700 Version-

Huawei ≫ S9700 Firmware Versionv200r007c01

Huawei ≫ S9700 Version-

Huawei ≫ S9700 Firmware Versionv200r008c00

Huawei ≫ S9700 Version-

Huawei ≫ Srg1300 Firmware Versionv200r005c32

Huawei ≫ Srg1300 Version-

Huawei ≫ Srg2300 Firmware Versionv200r005c32

Huawei ≫ Srg2300 Version-

Huawei ≫ Srg3300 Firmware Versionv200r005c32

Huawei ≫ Srg3300 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.17%	0.355

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	7.1	8.6	6.9	AV:N/AC:M/Au:N/C:N/I:N/A:C

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180214-01-ospf-en

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-17250

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-17250

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-17250

EUVD