CVE-2017-17317 — LOW (3.7) — White Hats Nepal

Vulnerability Description

Common Open Policy Service Protocol (COPS) module in Huawei USG6300 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6500 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6600 V100R001C00; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00 has a buffer overflow vulnerability. An unauthenticated, remote attacker has to control the peer device and send specially crafted message to the affected products. Due to insufficient input validation, successful exploit may cause some services abnormal.

CVSS Score

3.7

LOW

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Huawei	Dp300 Firmware	v500r002c00
Huawei	Dp300	-
Huawei	Rp200 Firmware	v500r002c00
Huawei	Rp200	-
Huawei	Te30 Firmware	v100r001c02
Huawei	Te30	-
Huawei	Te40 Firmware	v500r002c00
Huawei	Te40	-
Huawei	Te50 Firmware	v500r002c00
Huawei	Te50	-
Huawei	Te60 Firmware	v100r001c01
Huawei	Te60	-

Related Weaknesses (CWE)

CWE-119

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180630-01-cops-eVendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180630-01-cops-eVendor Advisory

FAQ

What is CVE-2017-17317?

CVE-2017-17317 is a vulnerability with a CVSS score of 3.7 (LOW). Common Open Policy Service Protocol (COPS) module in Huawei USG6300 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6500 V100R001C10; V100R001C2...

How severe is CVE-2017-17317?

CVE-2017-17317 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-17317?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Dp300 Firmware, Huawei Dp300, Huawei Rp200 Firmware, Huawei Rp200, Huawei Te30 Firmware.