CVE-2017-15327
https://notcve.org/view.php?id=CVE-2017-15327
S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S7700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S9700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R009C00, V200R010C00 have an improper authorization vulnerability on Huawei switch products. The system incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by authenticated user. Successful exploit could cause information disclosure. S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S7700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S9700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R009C00 y V200R010C00 tienen una vulnerabilidad de autorización incorrecta en productos switch de Huawei. El sistema realiza de manera errónea una comprobación de autorización cuando un usuario normal intenta acceder a cierta información a la que se supone que solo pueden acceder los usuarios autenticados. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180328-01-authentication-en • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-8786
https://notcve.org/view.php?id=CVE-2016-8786
Huawei S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, S5700 V200R006C00, V200R007C00, V200R008C00, S6700 V200R008C00, S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00 have a denial of service (DoS) vulnerability. Due to the lack of input validation, a remote attacker may craft a malformed Resource Reservation Protocol (RSVP) packet and send it to the device, causing a few buffer overflows and occasional device restart. Huawei S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, S5700 V200R006C00, V200R007C00, V200R008C00, S6700 V200R008C00, S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00 y V200R008C00 tienen una vulnerabilidad de denegación de servicio (DoS). Debido a la falta de validación de entradas, un atacante remoto podría manipular un paquete RSVP (Resource Reservation Protocol) mal formado y enviarlo al dispositivo, lo que provocaría unos pocos desbordamientos de búfer y reincios ocasionales del dispositivo. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161228-01-rsvp-en http://www.securityfocus.com/bid/95139 • CWE-20: Improper Input Validation •
CVE-2017-17141
https://notcve.org/view.php?id=CVE-2017-17141
Huawei S12700 V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R007C20; V200R008C00; V200R009C00;S1700 V200R006C10; V200R009C00;S2700 V100R006C03; V200R003C00; V200R005C00; V200R006C00; V200R006C10; V200R007C00; V200R007C00B050; V200R007C00SPC009T; V200R007C00SPC019T; V200R008C00; V200R009C00;S3700 V100R006C03;S5700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R003C02; V200R005C00; V200R005C01; V200R005C02; V200R005C03; V200R006C00; V200R007C00; V200R008C00; V200R009C00;S6700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R005C01; V200R005C02; V200R008C00; V200R009C00;S7700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R006C01; V200R007C00; V200R007C01; V200R008C00; V200R008C06; V200R009C00;S9700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R008C00; V200R009C00 have a memory leak vulnerability. In some specific conditions, if attackers send specific malformed MPLS Service PING messages to the affected products, products do not release the memory when handling the packets. So successful exploit will result in memory leak of the affected products. Huawei S12700 V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R007C20; V200R008C00; V200R009C00;S1700 V200R006C10; V200R009C00;S2700 V100R006C03; V200R003C00; V200R005C00; V200R006C00; V200R006C10; V200R007C00; V200R007C00B050; V200R007C00SPC009T; V200R007C00SPC019T; V200R008C00; V200R009C00;S3700 V100R006C03;S5700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R003C02; V200R005C00; V200R005C01; V200R005C02; V200R005C03; V200R006C00; V200R007C00; V200R008C00; V200R009C00;S6700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R005C01; V200R005C02; V200R008C00; V200R009C00;S7700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R006C01; V200R007C00; V200R007C01; V200R008C00; V200R008C06; V200R009C00;S9700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R008C00; V200R009C00 tienen una vulnerabilidad de filtrado de información. En algunas condiciones específicas, si los atacantes envían mensajes PING MPLS Service especialmente mal formados a los productos afectados, estos no liberan la memoria al gestionar los paquetes. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-mpls-en • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2017-15333
https://notcve.org/view.php?id=CVE-2017-15333
XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DOS vulnerability. An attacker may craft specific XML files to the affected products. Due to not check the specially XML file and to parse this file, successful exploit will result in DOS attacks. El analizador XML en Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221 y V100R004C10SPC400 tiene una vulnerabilidad de denegación de servicio. Un atacante podría manipular archivos XML específicos para los productos afectados. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-xml-en • CWE-20: Improper Input Validation •
CVE-2017-15346
https://notcve.org/view.php?id=CVE-2017-15346
XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DOS vulnerability. An attacker may craft specific XML files to the affected products. Due to not check the specially XML file and to parse this file, successful exploit will result in DOS attacks. El analizador XML en Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221 y V100R004C10SPC400 tiene una vulnerabilidad de denegación de servicio. Un atacante podría manipular archivos XML específicos para los productos afectados. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-xml-en • CWE-20: Improper Input Validation •