CVE-2017-2722 — HIGH (8.8) — White Hats Nepal

Vulnerability Description

DP300 V500R002C00,TE60 with software V100R001C01, V100R001C10, V100R003C00, V500R002C00 and V600R006C00,TP3106 with software V100R001C06 and V100R002C00,ViewPoint 9030 with software V100R011C02, V100R011C03,eCNS210_TD with software V100R004C10,eSpace 7950 with software V200R003C00 and V200R003C30,eSpace IAD with software V300R001C07SPCa00 and V300R002C01SPCb00,eSpace U1981 with software V100R001C20, V100R001C30, V200R003C00, V200R003C20 and V200R003C30 have an input validation vulnerability.A remote attacker may exploit this vulnerability by crafting a malformed packet and sending it to the device. A successful exploit could allow the attacker to cause a denial of service or execute arbitrary code.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Dp300 Firmware	v500r002c00
Huawei	Dp300	-
Huawei	Te60 Firmware	v100r001c01
Huawei	Te60	-
Huawei	Tp3106 Firmware	v100r001c06
Huawei	Tp3106	-
Huawei	Viewpoint 9030 Firmware	v100r011c02
Huawei	Viewpoint 9030	-
Huawei	Ecns210 Td Firmware	v100r004c10
Huawei	Ecns210 Td	-
Huawei	Espace 7950 Firmware	v200r003c00
Huawei	Espace 7950	-
Huawei	Espace Iad Firmware	v300r001c07spca00
Huawei	Espace Iad	-
Huawei	Espace U1981 Firmware	v100r001c20
Huawei	Espace U1981	-

Related Weaknesses (CWE)

CWE-20

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-pse-enIssue TrackingVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-pse-enIssue TrackingVendor Advisory

FAQ

What is CVE-2017-2722?

CVE-2017-2722 is a vulnerability with a CVSS score of 8.8 (HIGH). DP300 V500R002C00,TE60 with software V100R001C01, V100R001C10, V100R003C00, V500R002C00 and V600R006C00,TP3106 with software V100R001C06 and V100R002C00,ViewPoint 9030 with software V100R011C02, V100R...

How severe is CVE-2017-2722?

CVE-2017-2722 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-2722?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Dp300 Firmware, Huawei Dp300, Huawei Te60 Firmware, Huawei Te60, Huawei Tp3106 Firmware.