Vulnerability Details : CVE-2017-17138
PEM module of DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a DoS vulnerability in PEM module of Huawei products due to insufficient verification. An authenticated local attacker can make processing into deadloop by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2017-17138
- cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:te60_firmware:v100r001c02:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s7700_firmware:v200r008c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s7700_firmware:v200r007c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s7700_firmware:v200r009c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s7700_firmware:v200r010c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s9700_firmware:v200r008c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s9700_firmware:v200r007c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s9700_firmware:v200r009c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s9700_firmware:v200r010c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s9700_firmware:v200r007c01:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s12700_firmware:v200r008c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s12700_firmware:v200r007c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s12700_firmware:v200r007c01:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s12700_firmware:v200r009c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s12700_firmware:v200r010c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5700_firmware:v200r006c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5700_firmware:v200r008c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5700_firmware:v200r007c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5700_firmware:v200r009c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5700_firmware:v200r010c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:nip6300_firmware:v500r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:usg9500_firmware:v500r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:usg9500_firmware:v500r001c30:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30s:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:nip6600_firmware:v500r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ips_module_firmware:v500r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ips_module_firmware:v500r001c30:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s6700_firmware:v200r008c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s6700_firmware:v200r009c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s6700_firmware:v200r010c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s2700_firmware:v200r010c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s2700_firmware:v200r007c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s2700_firmware:v200r008c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s2700_firmware:v200r009c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s2700_firmware:v200r006c10:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:tp3106_firmware:v100r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:tp3206_firmware:v100r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:tp3206_firmware:v100r002c10:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s1700_firmware:v200r009c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s1700_firmware:v200r010c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s1700_firmware:v200r006c10:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c03:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c02:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:rp200_firmware:v600r006c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:rp200_firmware:v500r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:te30_firmware:v500r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:te30_firmware:v100r001c02:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:te40_firmware:v500r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:te50_firmware:v500r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-17138
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-17138
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2017-17138
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-17138
-
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en
Security Advisory - Multiple Vulnerabilities of PEM Module in Some Huawei ProductsVendor Advisory
Jump to