CVE-2017-17222 — HIGH (8.8)

Vulnerability Description

Import Language Package function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after Language Package is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Espace 7950 Firmware	v200r003c30
Huawei	Espace 7950	-
Huawei	Espace 8950 Firmware	v200r003c00
Huawei	Espace 8950	-

Related Weaknesses (CWE)

CWE-20

References

http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-esVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-esVendor Advisory

FAQ

What is CVE-2017-17222?

CVE-2017-17222 is a vulnerability with a CVSS score of 8.8 (HIGH). Import Language Package function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send...

How severe is CVE-2017-17222?

CVE-2017-17222 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-17222?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Espace 7950 Firmware, Huawei Espace 7950, Huawei Espace 8950 Firmware, Huawei Espace 8950.