CVE-2017-17288

EPSS 0.15%
Veröffentlicht 15.02.2018 16:29:02
Zuletzt bearbeitet 21.11.2024 03:17:45
Quelle psirt@huawei.com
Teams Watchlist Login
Unerledigt Login

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. An unauthenticated, remote attacker may send specially crafted messages to the affected products. Due to insufficient input validation, successful exploit may cause integer overflow and some process abnormal.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Huawei ≫ Dp300 Firmware Versionv500r002c00

Huawei ≫ Dp300 Version-

Huawei ≫ Rp200 Firmware Versionv500r002c00

Huawei ≫ Rp200 Version-

Huawei ≫ Rp200 Firmware Versionv600r006c00

Huawei ≫ Rp200 Version-

Huawei ≫ Te30 Firmware Versionv100r001c10

Huawei ≫ Te30 Version-

Huawei ≫ Te30 Firmware Versionv500r002c00

Huawei ≫ Te30 Version-

Huawei ≫ Te30 Firmware Versionv600r006c00

Huawei ≫ Te30 Version-

Huawei ≫ Te40 Firmware Versionv500r002c00

Huawei ≫ Te40 Version-

Huawei ≫ Te40 Firmware Versionv600r006c00

Huawei ≫ Te40 Version-

Huawei ≫ Te50 Firmware Versionv500r002c00

Huawei ≫ Te50 Version-

Huawei ≫ Te50 Firmware Versionv600r006c00

Huawei ≫ Te50 Version-

Huawei ≫ Te60 Firmware Versionv100r001c10

Huawei ≫ Te60 Version-

Huawei ≫ Te60 Firmware Versionv500r002c00

Huawei ≫ Te60 Version-

Huawei ≫ Te60 Firmware Versionv600r006c00

Huawei ≫ Te60 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.326

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180131-01-integer-en

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-17288

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-17288

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-17288

EUVD