CVE-2017-17312

EPSS 0.12%
Veröffentlicht 21.08.2018 13:29:00
Zuletzt bearbeitet 21.11.2024 03:17:48
Quelle psirt@huawei.com
Teams Watchlist Login
Unerledigt Login

Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Due to improper handling of the malformed messages, an attacker may sent crafted packets to the affected device to exploit these vulnerabilities. Successful exploit the vulnerability could lead to device deny of service.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Huawei ≫ Usg2205bsr Firmware Versionv300r001c10spc600

Huawei ≫ Usg2205bsr Version-

Huawei ≫ Usg2220bsr Firmware Versionv300r001c00

Huawei ≫ Usg2220bsr Version-

Huawei ≫ Usg5120bsr Firmware Versionv300r001c00

Huawei ≫ Usg5120bsr Version-

Huawei ≫ Usg5150bsr Firmware Versionv300r001c00

Huawei ≫ Usg5150bsr Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.277

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180813-01-Bleichenbacher-en

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-17312

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-17312

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-17312

EUVD