CVE-2017-15333 : XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V10

XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DOS vulnerability. An attacker may craft specific XML files to the affected products. Due to not check the specially XML file and to parse this file, successful exploit will result in DOS attacks.

Published 2018-02-15 16:29:00

Updated 2018-02-27 15:17:47

Source Huawei Technologies

View at NVD, CVE.org

Vulnerability category: Input validationDenial of service

Products affected by CVE-2017-15333

Huawei » S7700 Firmware » Version: V200r003c00
cpe:2.3:o:huawei:s7700_firmware:v200r003c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S7700 » Version: N/A
Huawei » S7700 Firmware » Version: V200r006c00
cpe:2.3:o:huawei:s7700_firmware:v200r006c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S7700 » Version: N/A
Huawei » S7700 Firmware » Version: V200r002c00
cpe:2.3:o:huawei:s7700_firmware:v200r002c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S7700 » Version: N/A
Huawei » S7700 Firmware » Version: V200r005c00
cpe:2.3:o:huawei:s7700_firmware:v200r005c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S7700 » Version: N/A
Huawei » S7700 Firmware » Version: V200r008c00
cpe:2.3:o:huawei:s7700_firmware:v200r008c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S7700 » Version: N/A
Huawei » S7700 Firmware » Version: V200r001c00
cpe:2.3:o:huawei:s7700_firmware:v200r001c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S7700 » Version: N/A
Huawei » S7700 Firmware » Version: V200r007c00
cpe:2.3:o:huawei:s7700_firmware:v200r007c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S7700 » Version: N/A
Huawei » S7700 Firmware » Version: V200r009c00
cpe:2.3:o:huawei:s7700_firmware:v200r009c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S7700 » Version: N/A
Huawei » S7700 Firmware » Version: V200r010c00
cpe:2.3:o:huawei:s7700_firmware:v200r010c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S7700 » Version: N/A
Huawei » S9700 Firmware » Version: V200r003c00
cpe:2.3:o:huawei:s9700_firmware:v200r003c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S9700 » Version: N/A
Huawei » S9700 Firmware » Version: V200r006c00
cpe:2.3:o:huawei:s9700_firmware:v200r006c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S9700 » Version: N/A
Huawei » S9700 Firmware » Version: V200r002c00
cpe:2.3:o:huawei:s9700_firmware:v200r002c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S9700 » Version: N/A
Huawei » S9700 Firmware » Version: V200r005c00
cpe:2.3:o:huawei:s9700_firmware:v200r005c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S9700 » Version: N/A
Huawei » S9700 Firmware » Version: V200r008c00
cpe:2.3:o:huawei:s9700_firmware:v200r008c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S9700 » Version: N/A
Huawei » S9700 Firmware » Version: V200r001c00
cpe:2.3:o:huawei:s9700_firmware:v200r001c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S9700 » Version: N/A
Huawei » S9700 Firmware » Version: V200r007c00
cpe:2.3:o:huawei:s9700_firmware:v200r007c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S9700 » Version: N/A
Huawei » S9700 Firmware » Version: V200r009c00
cpe:2.3:o:huawei:s9700_firmware:v200r009c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S9700 » Version: N/A
Huawei » S9700 Firmware » Version: V200r010c00
cpe:2.3:o:huawei:s9700_firmware:v200r010c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S9700 » Version: N/A
Huawei » S12700 Firmware » Version: V200r005c00
cpe:2.3:o:huawei:s12700_firmware:v200r005c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S12700 » Version: N/A
Huawei » S5700 Firmware » Version: V200r003c00
cpe:2.3:o:huawei:s5700_firmware:v200r003c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5700 » Version: N/A
Huawei » S5700 Firmware » Version: V200r002c00
cpe:2.3:o:huawei:s5700_firmware:v200r002c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5700 » Version: N/A
Huawei » S5700 Firmware » Version: V200r005c00
cpe:2.3:o:huawei:s5700_firmware:v200r005c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5700 » Version: N/A
Huawei » S5700 Firmware » Version: V200r001c00
cpe:2.3:o:huawei:s5700_firmware:v200r001c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5700 » Version: N/A
Huawei » S5700 Firmware » Version: V200r006c00
cpe:2.3:o:huawei:s5700_firmware:v200r006c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5700 » Version: N/A
Huawei » S5700 Firmware » Version: V200r008c00
cpe:2.3:o:huawei:s5700_firmware:v200r008c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5700 » Version: N/A
Huawei » S5700 Firmware » Version: V200r003c02
cpe:2.3:o:huawei:s5700_firmware:v200r003c02:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5700 » Version: N/A
Huawei » S5700 Firmware » Version: V200r007c00
cpe:2.3:o:huawei:s5700_firmware:v200r007c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5700 » Version: N/A
Huawei » S5700 Firmware » Version: V200r009c00
cpe:2.3:o:huawei:s5700_firmware:v200r009c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5700 » Version: N/A
Huawei » S5700 Firmware » Version: V200r010c00
cpe:2.3:o:huawei:s5700_firmware:v200r010c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S5700 » Version: N/A
Huawei » S6700 Firmware » Version: V200r003c00
cpe:2.3:o:huawei:s6700_firmware:v200r003c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S6700 » Version: N/A
Huawei » S6700 Firmware » Version: V200r008c00
cpe:2.3:o:huawei:s6700_firmware:v200r008c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S6700 » Version: N/A
Huawei » S6700 Firmware » Version: V200r001c00
cpe:2.3:o:huawei:s6700_firmware:v200r001c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S6700 » Version: N/A
Huawei » S6700 Firmware » Version: V200r002c00
cpe:2.3:o:huawei:s6700_firmware:v200r002c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S6700 » Version: N/A
Huawei » S6700 Firmware » Version: V200r005c00
cpe:2.3:o:huawei:s6700_firmware:v200r005c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S6700 » Version: N/A
Huawei » S6700 Firmware » Version: V200r009c00
cpe:2.3:o:huawei:s6700_firmware:v200r009c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S6700 » Version: N/A
Huawei » S6700 Firmware » Version: V200r005c02
cpe:2.3:o:huawei:s6700_firmware:v200r005c02:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S6700 » Version: N/A
Huawei » S6700 Firmware » Version: V200r010c00
cpe:2.3:o:huawei:s6700_firmware:v200r010c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S6700 » Version: N/A
Huawei » S1700 Firmware » Version: V200r009c00
cpe:2.3:o:huawei:s1700_firmware:v200r009c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S1700 » Version: N/A
Huawei » S1700 Firmware » Version: V200r010c00
cpe:2.3:o:huawei:s1700_firmware:v200r010c00:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » S1700 » Version: N/A
Huawei » Ecns210 Td Firmware » Version: V100r004c10
cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Ecns210 Td » Version: N/A
Huawei » Ecns210 Td Firmware » Version: V100r004c10spc003
cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10spc003:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Ecns210 Td » Version: N/A
Huawei » Ecns210 Td Firmware » Version: V100r004c10spc101
cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10spc101:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Ecns210 Td » Version: N/A
Huawei » Ecns210 Td Firmware » Version: V100r004c10spc102
cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10spc102:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Ecns210 Td » Version: N/A
Huawei » Ecns210 Td Firmware » Version: V100r004c10spc200
cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10spc200:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Ecns210 Td » Version: N/A
Huawei » Ecns210 Td Firmware » Version: V100r004c10spc221
cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10spc221:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Ecns210 Td » Version: N/A
Huawei » Ecns210 Td Firmware » Version: V100r004c10spc400
cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10spc400:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Ecns210 Td » Version: N/A
Huawei » Ecns210 Td Firmware » Version: V100r004c10spc100
cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10spc100:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Ecns210 Td » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2017-15333

EPSS FAQ

0.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 20 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-15333

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
4.7	MEDIUM	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H	1.0	3.6	NIST
Attack Vector: Local Attack Complexity: High Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2017-15333

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-15333

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-xml-en

Security Advisory - Two DOS Vulnerabilities of XML Parser in Some Huawei Products
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2017-15333

Products affected by CVE-2017-15333

Exploit prediction scoring system (EPSS) score for CVE-2017-15333

CVSS scores for CVE-2017-15333

CWE ids for CVE-2017-15333

References for CVE-2017-15333