CVE-2017-17290 — HIGH (7.5)

Vulnerability Description

The Light Directory Access Protocol (LDAP) clients of Huawei TE60 with software V600R006C00, ViewPoint 9030 with software V100R011C02, V100R011C03 have a resource management errors vulnerability. An unauthenticated, remote attacker may make the LDAP server not respond to the client's request by controlling the LDAP server. Due to improper management of LDAP connection resource, a successful exploit may cause the connection resource exhausted of the LDAP client.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Te60 Firmware	v600r006c00
Huawei	Te60	-
Huawei	Viewpoint 9030 Firmware	v100r011c02
Huawei	Viewpoint 9030	-

Related Weaknesses (CWE)

CWE-400

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-01-ldap-enVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-01-ldap-enVendor Advisory

FAQ

What is CVE-2017-17290?

CVE-2017-17290 is a vulnerability with a CVSS score of 7.5 (HIGH). The Light Directory Access Protocol (LDAP) clients of Huawei TE60 with software V600R006C00, ViewPoint 9030 with software V100R011C02, V100R011C03 have a resource management errors vulnerability. An u...

How severe is CVE-2017-17290?

CVE-2017-17290 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-17290?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Te60 Firmware, Huawei Te60, Huawei Viewpoint 9030 Firmware, Huawei Viewpoint 9030.