CVE-2017-17168: Input Validation
First published: Fri Mar 09 2018(Updated: )
The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. Affected Huawei Products are: DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00; RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; eSpace U1981 version V200R003C20SPC900.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei DP300 firmware | =v500r002c00 | |
| Huawei DP300 firmware | =v500r002c00b010 | |
| Huawei DP300 firmware | =v500r002c00b011 | |
| Huawei DP300 firmware | =v500r002c00b012 | |
| Huawei DP300 firmware | =v500r002c00b013 | |
| Huawei DP300 firmware | =v500r002c00b014 | |
| Huawei DP300 firmware | =v500r002c00b017 | |
| Huawei DP300 firmware | =v500r002c00b018 | |
| Huawei DP300 firmware | =v500r002c00spc100 | |
| Huawei DP300 firmware | =v500r002c00spc200 | |
| Huawei DP300 firmware | =v500r002c00spc300 | |
| Huawei DP300 firmware | =v500r002c00spc400 | |
| Huawei DP300 firmware | =v500r002c00spc500 | |
| Huawei DP300 firmware | =v500r002c00spc600 | |
| Huawei DP300 firmware | =v500r002c00spc800 | |
| Huawei DP300 firmware | =v500r002c00spc900 | |
| Huawei DP300 firmware | =v500r002c00spca00 | |
| Huawei DP300 firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-17168?
CVE-2017-17168 has been assigned a medium severity rating due to its potential for exploitation by authenticated remote attackers.
How do I fix CVE-2017-17168?
To fix CVE-2017-17168, update the Huawei DP300 firmware to the latest version available from Huawei.
Which products are affected by CVE-2017-17168?
CVE-2017-17168 affects multiple versions of Huawei DP300 firmware, including versions v500r002c00 to v500r002c00spca00.
What type of vulnerability is CVE-2017-17168?
CVE-2017-17168 is classified as an input validation vulnerability in the CIDAM Protocol.
Can CVE-2017-17168 be exploited remotely?
Yes, CVE-2017-17168 can be exploited by authenticated remote attackers through malicious messages.
- agent/weakness
- agent/type
- agent/event
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/huawei
- canonical/huawei dp300 firmware
- version/huawei dp300 firmware/v500r002c00
- version/huawei dp300 firmware/v500r002c00b010
- version/huawei dp300 firmware/v500r002c00b011
- version/huawei dp300 firmware/v500r002c00b012
- version/huawei dp300 firmware/v500r002c00b013
- version/huawei dp300 firmware/v500r002c00b014
- version/huawei dp300 firmware/v500r002c00b017
- version/huawei dp300 firmware/v500r002c00b018
- version/huawei dp300 firmware/v500r002c00spc100
- version/huawei dp300 firmware/v500r002c00spc200
- version/huawei dp300 firmware/v500r002c00spc300
- version/huawei dp300 firmware/v500r002c00spc400
- version/huawei dp300 firmware/v500r002c00spc500
- version/huawei dp300 firmware/v500r002c00spc600
- version/huawei dp300 firmware/v500r002c00spc800
- version/huawei dp300 firmware/v500r002c00spc900
- version/huawei dp300 firmware/v500r002c00spca00