Published: 09/03/2018 Updated: 23/12/2019

CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 5.2 | Exploitability Score: 1.2

VMScore: 490

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the malicious user to tamper with business and make the system abnormal. Affected Huawei Products are: DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00; RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; eSpace U1981 version V200R003C20SPC900.

Vulnerable Product	Search on Vulmon	Subscribe to Product
huawei dp300_firmware v500r002c00
huawei dp300_firmware v500r002c00b010
huawei dp300_firmware v500r002c00b011
huawei dp300_firmware v500r002c00spc900
huawei dp300_firmware v500r002c00spca00
huawei dp300_firmware v500r002c00b012
huawei dp300_firmware v500r002c00b014
huawei dp300_firmware v500r002c00spc500
huawei dp300_firmware v500r002c00spc800
huawei dp300_firmware v500r002c00b018
huawei dp300_firmware v500r002c00spc100
huawei dp300_firmware v500r002c00spc200
huawei dp300_firmware v500r002c00spc300
huawei dp300_firmware v500r002c00b013
huawei dp300_firmware v500r002c00b017
huawei dp300_firmware v500r002c00spc400
huawei dp300_firmware v500r002c00spc600

The CIDAM Protocol on Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented An authenticated remote attacker could send a malicious message to a target system Successful exploit could allow the attacker to tamper with business and make the system abnormal ...

CWE-20 https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en https://nvd.nist.gov https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en

CVE-2017-17304

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect