7.8

CVE-2017-17300

Huawei S12700 V200R008C00, V200R009C00, S5700 V200R007C00, V200R008C00, V200R009C00, S6700 V200R008C00, V200R009C00, S7700 V200R008C00, V200R009C00, S9700 V200R008C00, V200R009C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send specific TCP messages with keychain authentication option to the affected products. Due to the improper validation of the messages, it will cause numeric errors when handling the messages. Successful exploit will cause the affected products to reset.

Data is provided by the National Vulnerability Database (NVD)
HuaweiS12700 Firmware Versionv200r008c00
   HuaweiS12700 Version-
HuaweiS12700 Firmware Versionv200r009c00
   HuaweiS12700 Version-
HuaweiS5700 Firmware Versionv200r007c00
   HuaweiS5700 Version-
HuaweiS5700 Firmware Versionv200r008c00
   HuaweiS5700 Version-
HuaweiS5700 Firmware Versionv200r009c00
   HuaweiS5700 Version-
HuaweiS6700 Firmware Versionv200r008c00
   HuaweiS6700 Version-
HuaweiS6700 Firmware Versionv200r009c00
   HuaweiS6700 Version-
HuaweiS7700 Firmware Versionv200r008c00
   HuaweiS7700 Version-
HuaweiS7700 Firmware Versionv200r009c00
   HuaweiS7700 Version-
HuaweiS9700 Firmware Versionv200r008c00
   HuaweiS9700 Version-
HuaweiS9700 Firmware Versionv200r009c00
   HuaweiS9700 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.42% 0.59
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.