fkie_cve-2017-17131
Vulnerability from fkie_nvd
Published
2018-03-05 19:29
Modified
2024-11-21 03:17
Severity ?
Summary
Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V600R006C00; TE50 V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00; VP9660 V500R002C10 have an DoS vulnerability due to insufficient validation of the parameter when a putty comment key is loaded. An authenticated remote attacker can place a malformed putty key file in system when a system manager load the key an infinite loop happens which lead to reboot the system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | dp300_firmware | v500r002c00 | |
| huawei | dp300 | - | |
| huawei | rp200_firmware | v500r002c00 | |
| huawei | rp200_firmware | v600r006c00 | |
| huawei | rp200 | - | |
| huawei | te30_firmware | v100r001c10 | |
| huawei | te30_firmware | v600r006c00 | |
| huawei | te30 | - | |
| huawei | te50_firmware | v600r006c00 | |
| huawei | te50 | - | |
| huawei | te60_firmware | v100r001c10 | |
| huawei | te60_firmware | v500r002c00 | |
| huawei | te60_firmware | v600r006c00 | |
| huawei | te60 | - | |
| huawei | vp9660_firmware | v500r002c10 | |
| huawei | vp9660 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "8871106B-D3AF-4CFB-A544-1FA411642428",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F3483B2-9EB6-4E34-900A-945C04A3160D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rp200_firmware:v500r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "16C1ED34-BC94-4AAC-ADF4-5FCD637E5B4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:rp200_firmware:v600r006c00:*:*:*:*:*:*:*",
"matchCriteriaId": "67731A77-1DD4-49B2-B437-2850C9583750",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98275088-2FBE-42F4-AAEC-DF02950B803D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:*",
"matchCriteriaId": "DA3EF476-42D7-4758-8DCB-373F46BF1CF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:*",
"matchCriteriaId": "018039EB-7265-4B71-B462-4734FD1D0503",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1146F99B-5344-4CD3-AF3F-CD3FE6F6DD91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:*",
"matchCriteriaId": "A70F8924-DC80-4D6F-BA3E-DBFE32FED788",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4F188B3-0A63-4704-9B0D-F8DF5D973FA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:*",
"matchCriteriaId": "092C9FAF-8892-4E16-9C0E-BB1E3488C6C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "01BC9042-0485-437F-811F-F8898B3B7EA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*",
"matchCriteriaId": "4A29049D-F472-4772-8750-20730DA624E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "999117E9-90C8-4E76-90B5-7D364C0B84BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:vp9660_firmware:v500r002c10:*:*:*:*:*:*:*",
"matchCriteriaId": "A58ED692-8BED-4877-9BC9-D41386B660C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:vp9660:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DC498B-F19F-403A-ACFE-F8364A78EC66",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V600R006C00; TE50 V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00; VP9660 V500R002C10 have an DoS vulnerability due to insufficient validation of the parameter when a putty comment key is loaded. An authenticated remote attacker can place a malformed putty key file in system when a system manager load the key an infinite loop happens which lead to reboot the system."
},
{
"lang": "es",
"value": "Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V600R006C00; TE50 V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00; VP9660 V500R002C10 tienen una vulnerabilidad de denegaci\u00f3n de servicio (DoS) debido a la validaci\u00f3n insuficiente del par\u00e1metro cuando se carga un comentario putty. Un atacante remoto autenticado puede colocar un archivo de clave putty mal formado en un sistema y provocar un bucle infinito y el reinicio del sistema cuando un gestor de sistema carga la clave."
}
],
"id": "CVE-2017-17131",
"lastModified": "2024-11-21T03:17:32.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-05T19:29:00.207",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-01-vpp-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-01-vpp-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…