CVE-2017-17317
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Common Open Policy Service Protocol (COPS) module in Huawei USG6300 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6500 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6600 V100R001C00; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00 has a buffer overflow vulnerability. An unauthenticated, remote attacker has to control the peer device and send specially crafted message to the affected products. Due to insufficient input validation, successful exploit may cause some services abnormal.
El módulo COPS (Common Open Policy Service Protocol) en dispositivos Huawei USG6300 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6500 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6600 V100R001C00; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00 y V600R006C00 tiene una vulnerabilidad de desbordamiento de búfer. Un atacante remoto no autenticado debe controlar el dispositivo del mismo nivel y enviar mensajes especialmente manipulados a los productos afectados. Dada la validación de entradas insuficiente, su explotación con éxito podría provocar el funcionamiento erróneo de algunos servicios.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-04 CVE Reserved
- 2018-07-02 CVE Published
- 2024-05-11 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180630-01-cops-en | 2018-08-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Huawei Search vendor "Huawei" | Dp300 Firmware Search vendor "Huawei" for product "Dp300 Firmware" | v500r002c00 Search vendor "Huawei" for product "Dp300 Firmware" and version "v500r002c00" | - |
Affected
| in | Huawei Search vendor "Huawei" | Dp300 Search vendor "Huawei" for product "Dp300" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Rp200 Firmware Search vendor "Huawei" for product "Rp200 Firmware" | v500r002c00 Search vendor "Huawei" for product "Rp200 Firmware" and version "v500r002c00" | - |
Affected
| in | Huawei Search vendor "Huawei" | Rp200 Search vendor "Huawei" for product "Rp200" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Rp200 Firmware Search vendor "Huawei" for product "Rp200 Firmware" | v600r006c00 Search vendor "Huawei" for product "Rp200 Firmware" and version "v600r006c00" | - |
Affected
| in | Huawei Search vendor "Huawei" | Rp200 Search vendor "Huawei" for product "Rp200" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Te30 Firmware Search vendor "Huawei" for product "Te30 Firmware" | v100r001c02 Search vendor "Huawei" for product "Te30 Firmware" and version "v100r001c02" | - |
Affected
| in | Huawei Search vendor "Huawei" | Te30 Search vendor "Huawei" for product "Te30" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Te30 Firmware Search vendor "Huawei" for product "Te30 Firmware" | v100r001c10 Search vendor "Huawei" for product "Te30 Firmware" and version "v100r001c10" | - |
Affected
| in | Huawei Search vendor "Huawei" | Te30 Search vendor "Huawei" for product "Te30" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Te30 Firmware Search vendor "Huawei" for product "Te30 Firmware" | v500r002c00 Search vendor "Huawei" for product "Te30 Firmware" and version "v500r002c00" | - |
Affected
| in | Huawei Search vendor "Huawei" | Te30 Search vendor "Huawei" for product "Te30" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Te30 Firmware Search vendor "Huawei" for product "Te30 Firmware" | v600r006c00 Search vendor "Huawei" for product "Te30 Firmware" and version "v600r006c00" | - |
Affected
| in | Huawei Search vendor "Huawei" | Te30 Search vendor "Huawei" for product "Te30" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Te40 Firmware Search vendor "Huawei" for product "Te40 Firmware" | v500r002c00 Search vendor "Huawei" for product "Te40 Firmware" and version "v500r002c00" | - |
Affected
| in | Huawei Search vendor "Huawei" | Te40 Search vendor "Huawei" for product "Te40" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Te40 Firmware Search vendor "Huawei" for product "Te40 Firmware" | v600r006c00 Search vendor "Huawei" for product "Te40 Firmware" and version "v600r006c00" | - |
Affected
| in | Huawei Search vendor "Huawei" | Te40 Search vendor "Huawei" for product "Te40" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Te50 Firmware Search vendor "Huawei" for product "Te50 Firmware" | v500r002c00 Search vendor "Huawei" for product "Te50 Firmware" and version "v500r002c00" | - |
Affected
| in | Huawei Search vendor "Huawei" | Te50 Search vendor "Huawei" for product "Te50" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Te50 Firmware Search vendor "Huawei" for product "Te50 Firmware" | v600r006c00 Search vendor "Huawei" for product "Te50 Firmware" and version "v600r006c00" | - |
Affected
| in | Huawei Search vendor "Huawei" | Te50 Search vendor "Huawei" for product "Te50" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Te60 Firmware Search vendor "Huawei" for product "Te60 Firmware" | v100r001c01 Search vendor "Huawei" for product "Te60 Firmware" and version "v100r001c01" | - |
Affected
| in | Huawei Search vendor "Huawei" | Te60 Search vendor "Huawei" for product "Te60" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Te60 Firmware Search vendor "Huawei" for product "Te60 Firmware" | v100r001c10 Search vendor "Huawei" for product "Te60 Firmware" and version "v100r001c10" | - |
Affected
| in | Huawei Search vendor "Huawei" | Te60 Search vendor "Huawei" for product "Te60" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Te60 Firmware Search vendor "Huawei" for product "Te60 Firmware" | v500r002c00 Search vendor "Huawei" for product "Te60 Firmware" and version "v500r002c00" | - |
Affected
| in | Huawei Search vendor "Huawei" | Te60 Search vendor "Huawei" for product "Te60" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Te60 Firmware Search vendor "Huawei" for product "Te60 Firmware" | v600r006c00 Search vendor "Huawei" for product "Te60 Firmware" and version "v600r006c00" | - |
Affected
| in | Huawei Search vendor "Huawei" | Te60 Search vendor "Huawei" for product "Te60" | - | - |
Safe
|