What is the severity of CVE-2017-15346?

CVE-2017-15346 is rated as high severity due to its potential to allow remote code execution.

How do I fix CVE-2017-15346?

To mitigate CVE-2017-15346, upgrade to the latest firmware version provided by Huawei for affected devices.

Which Huawei devices are affected by CVE-2017-15346?

CVE-2017-15346 affects various models including the S12700, S1700, S3700, S5700, S6700, S7700, and S9700 series.

What kind of vulnerability is CVE-2017-15346?

CVE-2017-15346 is an XML parser vulnerability that exposes the system to potential attacks.

Is there a workaround for CVE-2017-15346 if I cannot update immediately?

A possible workaround for CVE-2017-15346 includes disabling XML parsing where possible on the affected devices.

Vulnerability/
CVE-2017-15346

medium

4.7

CWE

15/2/2018

5/8/2024

CVE-2017-15346: Input Validation

First published: Thu Feb 15 2018(Updated: )

XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DOS vulnerability. An attacker may craft specific XML files to the affected products. Due to not check the specially XML file and to parse this file, successful exploit will result in DOS attacks.

Credit: psirt@huawei.com

Affected Software	Affected Version	How to fix
Huawei S12700 Firmware	=v200r005c00
Huawei S12700 Firmware
Huawei S1700 Firmware	=v200r009c00
Huawei S1700 Firmware	=v200r010c00
Huawei S1700 Firmware
Huawei S5700HI Firmware	=v200r001c00
Huawei S5700HI Firmware	=v200r002c00
Huawei S5700HI Firmware	=v200r003c00
Huawei S5700HI Firmware	=v200r003c02
Huawei S5700HI Firmware	=v200r005c00
Huawei S5700HI Firmware	=v200r006c00
Huawei S5700HI Firmware	=v200r007c00
Huawei S5700HI Firmware	=v200r008c00
Huawei S5700HI Firmware	=v200r009c00
Huawei S5700HI Firmware	=v200r010c00
Huawei S5700 Firmware
Huawei S6700EI Firmware	=v200r001c00
Huawei S6700EI Firmware	=v200r002c00
Huawei S6700EI Firmware	=v200r003c00
Huawei S6700EI Firmware	=v200r005c00
Huawei S6700EI Firmware	=v200r005c02
Huawei S6700EI Firmware	=v200r008c00
Huawei S6700EI Firmware	=v200r009c00
Huawei S6700EI Firmware	=v200r010c00
Huawei S6700 Firmware
Huawei Campus S7700 firmware	=v200r001c00
Huawei Campus S7700 firmware	=v200r002c00
Huawei Campus S7700 firmware	=v200r003c00
Huawei Campus S7700 firmware	=v200r005c00
Huawei Campus S7700 firmware	=v200r006c00
Huawei Campus S7700 firmware	=v200r007c00
Huawei Campus S7700 firmware	=v200r008c00
Huawei Campus S7700 firmware	=v200r009c00
Huawei Campus S7700 firmware	=v200r010c00
Huawei Campus S7700
Huawei LSW S9700 firmware	=v200r001c00
Huawei LSW S9700 firmware	=v200r002c00
Huawei LSW S9700 firmware	=v200r003c00
Huawei LSW S9700 firmware	=v200r005c00
Huawei LSW S9700 firmware	=v200r006c00
Huawei LSW S9700 firmware	=v200r007c00
Huawei LSW S9700 firmware	=v200r008c00
Huawei LSW S9700 firmware	=v200r009c00
Huawei LSW S9700 firmware	=v200r010c00
Huawei Campus LSW S9700
Huawei eCNS210 TD	=v100r004c10
Huawei eCNS210 TD	=v100r004c10spc003
Huawei eCNS210 TD	=v100r004c10spc100
Huawei eCNS210 TD	=v100r004c10spc101
Huawei eCNS210 TD	=v100r004c10spc102
Huawei eCNS210 TD	=v100r004c10spc200
Huawei eCNS210 TD	=v100r004c10spc221
Huawei eCNS210 TD	=v100r004c10spc400
Huawei eCNS210 TD firmware

Never miss a vulnerability like this again

Reference Links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-xml-en

Frequently Asked Questions

What is the severity of CVE-2017-15346?
CVE-2017-15346 is rated as high severity due to its potential to allow remote code execution.
How do I fix CVE-2017-15346?
To mitigate CVE-2017-15346, upgrade to the latest firmware version provided by Huawei for affected devices.
Which Huawei devices are affected by CVE-2017-15346?
CVE-2017-15346 affects various models including the S12700, S1700, S3700, S5700, S6700, S7700, and S9700 series.
What kind of vulnerability is CVE-2017-15346?
CVE-2017-15346 is an XML parser vulnerability that exposes the system to potential attacks.
Is there a workaround for CVE-2017-15346 if I cannot update immediately?
A possible workaround for CVE-2017-15346 includes disabling XML parsing where possible on the affected devices.

agent/type
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/author
agent/weakness
agent/last-modified-date
agent/event
agent/description
agent/first-publish-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/huawei
canonical/huawei s12700 firmware
version/huawei s12700 firmware/v200r005c00
canonical/huawei s1700 firmware
version/huawei s1700 firmware/v200r009c00
version/huawei s1700 firmware/v200r010c00
canonical/huawei s5700hi firmware
version/huawei s5700hi firmware/v200r001c00
version/huawei s5700hi firmware/v200r002c00
version/huawei s5700hi firmware/v200r003c00
version/huawei s5700hi firmware/v200r003c02
version/huawei s5700hi firmware/v200r005c00
version/huawei s5700hi firmware/v200r006c00
version/huawei s5700hi firmware/v200r007c00
version/huawei s5700hi firmware/v200r008c00
version/huawei s5700hi firmware/v200r009c00
version/huawei s5700hi firmware/v200r010c00
canonical/huawei s5700 firmware
canonical/huawei s6700ei firmware
version/huawei s6700ei firmware/v200r001c00
version/huawei s6700ei firmware/v200r002c00
version/huawei s6700ei firmware/v200r003c00
version/huawei s6700ei firmware/v200r005c00
version/huawei s6700ei firmware/v200r005c02
version/huawei s6700ei firmware/v200r008c00
version/huawei s6700ei firmware/v200r009c00
version/huawei s6700ei firmware/v200r010c00
canonical/huawei s6700 firmware
canonical/huawei campus s7700 firmware
version/huawei campus s7700 firmware/v200r001c00
version/huawei campus s7700 firmware/v200r002c00
version/huawei campus s7700 firmware/v200r003c00
version/huawei campus s7700 firmware/v200r005c00
version/huawei campus s7700 firmware/v200r006c00
version/huawei campus s7700 firmware/v200r007c00
version/huawei campus s7700 firmware/v200r008c00
version/huawei campus s7700 firmware/v200r009c00
version/huawei campus s7700 firmware/v200r010c00
canonical/huawei campus s7700
canonical/huawei lsw s9700 firmware
version/huawei lsw s9700 firmware/v200r001c00
version/huawei lsw s9700 firmware/v200r002c00
version/huawei lsw s9700 firmware/v200r003c00
version/huawei lsw s9700 firmware/v200r005c00
version/huawei lsw s9700 firmware/v200r006c00
version/huawei lsw s9700 firmware/v200r007c00
version/huawei lsw s9700 firmware/v200r008c00
version/huawei lsw s9700 firmware/v200r009c00
version/huawei lsw s9700 firmware/v200r010c00
canonical/huawei campus lsw s9700
canonical/huawei ecns210 td
version/huawei ecns210 td/v100r004c10
version/huawei ecns210 td/v100r004c10spc003
version/huawei ecns210 td/v100r004c10spc100
version/huawei ecns210 td/v100r004c10spc101
version/huawei ecns210 td/v100r004c10spc102
version/huawei ecns210 td/v100r004c10spc200
version/huawei ecns210 td/v100r004c10spc221
version/huawei ecns210 td/v100r004c10spc400
canonical/huawei ecns210 td firmware