Home

CVE-2017-17168

Description

The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. Affected Huawei Products are: DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00; RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; eSpace U1981 version V200R003C20SPC900.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
EPSS Score
Exploitation Probability
0.204

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities affected in dp300_firmware v500r002c00spca00NCM
Multiple Vulnerabilities affected in dp300_firmware v500r002c00spc900NCM
Multiple Vulnerabilities affected in dp300_firmware v500r002c00spc800NCM
Multiple Vulnerabilities affected in dp300_firmware v500r002c00spc600NCM
Multiple Vulnerabilities affected in dp300_firmware v500r002c00spc500NCM
Multiple Vulnerabilities affected in dp300_firmware v500r002c00spc400NCM
Multiple Vulnerabilities affected in dp300_firmware v500r002c00spc300NCM
Multiple Vulnerabilities affected in dp300_firmware v500r002c00spc200NCM
Multiple Vulnerabilities affected in dp300_firmware v500r002c00spc100NCM
Multiple Vulnerabilities affected in dp300_firmware v500r002c00NCM
Vulnerabilities CVE-2017-17168 ,CVE-2017-17169 ,CVE-2017-17170 ,CVE-2017-17303 ,CVE-2017-17304 are affected in dp300_firmware v500r002c00b018NCM
Vulnerabilities CVE-2017-17168 ,CVE-2017-17169 ,CVE-2017-17170 ,CVE-2017-17303 ,CVE-2017-17304 are affected in dp300_firmware v500r002c00b017NCM
Vulnerabilities CVE-2017-17168 ,CVE-2017-17169 ,CVE-2017-17170 ,CVE-2017-17303 ,CVE-2017-17304 are affected in dp300_firmware v500r002c00b014NCM
Vulnerabilities CVE-2017-17168 ,CVE-2017-17169 ,CVE-2017-17170 ,CVE-2017-17303 ,CVE-2017-17304 are affected in dp300_firmware v500r002c00b013NCM
Vulnerabilities CVE-2017-17168 ,CVE-2017-17169 ,CVE-2017-17170 ,CVE-2017-17303 ,CVE-2017-17304 are affected in dp300_firmware v500r002c00b012NCM
Vulnerabilities CVE-2017-17168 ,CVE-2017-17169 ,CVE-2017-17170 ,CVE-2017-17303 ,CVE-2017-17304 are affected in dp300_firmware v500r002c00b011NCM
Vulnerabilities CVE-2017-17168 ,CVE-2017-17169 ,CVE-2017-17170 ,CVE-2017-17303 ,CVE-2017-17304 are affected in dp300_firmware v500r002c00b010NCM
Improper Input Validation Vulnerability (CVE-2017-17168)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234