What is CVE-2017-17170?

CVE-2017-17170 is a vulnerability that exists in the CIDAM Protocol on some Huawei Products.

How does CVE-2017-17170 affect Huawei Dp300 Firmware?

CVE-2017-17170 affects Huawei Dp300 Firmware versions v500r002c00 to v500r002c00spca00.

What is the severity of CVE-2017-17170?

The severity of CVE-2017-17170 is medium with a CVSS score of 6.5.

How can an attacker exploit CVE-2017-17170?

An authenticated remote attacker could exploit CVE-2017-17170 by sending a malicious message to a target system.

Is there a fix available for CVE-2017-17170?

Yes, users should refer to the official Huawei security advisory for instructions on how to mitigate CVE-2017-17170.

Vulnerability/
CVE-2017-17170

medium

6.5

CWE

9/3/2018

23/12/2019

CVE-2017-17170: Input Validation

First published: Fri Mar 09 2018(Updated: )

The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. Affected Huawei Products are: DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00; RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; eSpace U1981 version V200R003C20SPC900.

Credit: psirt@huawei.com

Affected Software	Affected Version	How to fix
Huawei Dp300 Firmware	=v500r002c00
Huawei Dp300 Firmware	=v500r002c00b010
Huawei Dp300 Firmware	=v500r002c00b011
Huawei Dp300 Firmware	=v500r002c00b012
Huawei Dp300 Firmware	=v500r002c00b013
Huawei Dp300 Firmware	=v500r002c00b014
Huawei Dp300 Firmware	=v500r002c00b017
Huawei Dp300 Firmware	=v500r002c00b018
Huawei Dp300 Firmware	=v500r002c00spc100
Huawei Dp300 Firmware	=v500r002c00spc200
Huawei Dp300 Firmware	=v500r002c00spc300
Huawei Dp300 Firmware	=v500r002c00spc400
Huawei Dp300 Firmware	=v500r002c00spc500
Huawei Dp300 Firmware	=v500r002c00spc600
Huawei Dp300 Firmware	=v500r002c00spc800
Huawei Dp300 Firmware	=v500r002c00spc900
Huawei Dp300 Firmware	=v500r002c00spca00
Huawei DP300

Never miss a vulnerability like this again

Reference Links

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en

Frequently Asked Questions

What is CVE-2017-17170?
CVE-2017-17170 is a vulnerability that exists in the CIDAM Protocol on some Huawei Products.
How does CVE-2017-17170 affect Huawei Dp300 Firmware?
CVE-2017-17170 affects Huawei Dp300 Firmware versions v500r002c00 to v500r002c00spca00.
What is the severity of CVE-2017-17170?
The severity of CVE-2017-17170 is medium with a CVSS score of 6.5.
How can an attacker exploit CVE-2017-17170?
An authenticated remote attacker could exploit CVE-2017-17170 by sending a malicious message to a target system.
Is there a fix available for CVE-2017-17170?
Yes, users should refer to the official Huawei security advisory for instructions on how to mitigate CVE-2017-17170.

collector/nvd-index
agent/weakness
agent/type
agent/description
vendor/huawei
canonical/huawei dp300 firmware
version/huawei dp300 firmware/v500r002c00
version/huawei dp300 firmware/v500r002c00b010
version/huawei dp300 firmware/v500r002c00b011
version/huawei dp300 firmware/v500r002c00b012
version/huawei dp300 firmware/v500r002c00b013
version/huawei dp300 firmware/v500r002c00b014
version/huawei dp300 firmware/v500r002c00b017
version/huawei dp300 firmware/v500r002c00b018
version/huawei dp300 firmware/v500r002c00spc100
version/huawei dp300 firmware/v500r002c00spc200
version/huawei dp300 firmware/v500r002c00spc300
version/huawei dp300 firmware/v500r002c00spc400
version/huawei dp300 firmware/v500r002c00spc500
version/huawei dp300 firmware/v500r002c00spc600
version/huawei dp300 firmware/v500r002c00spc800
version/huawei dp300 firmware/v500r002c00spc900
version/huawei dp300 firmware/v500r002c00spca00
canonical/huawei dp300