What is CVE-2017-17221?

CVE-2017-17221 is a remote code execution vulnerability in the Import Signal Tone function of Huawei eSpace 7950 V200R003C30 and eSpace 8950 V200R003C00; V200R003C30.

How severe is CVE-2017-17221?

CVE-2017-17221 has a severity score of 8.8, which is considered high.

How does CVE-2017-17221 impact Huawei eSpace 7950 and eSpace 8950?

CVE-2017-17221 allows an authenticated, remote attacker to execute arbitrary code in the affected products.

What is the affected software version for CVE-2017-17221?

The affected software versions for CVE-2017-17221 are v200r003c30 for Huawei eSpace 7950 and v200r003c00/v200r003c30 for Huawei eSpace 8950.

How can CVE-2017-17221 be fixed?

To fix CVE-2017-17221, Huawei recommends upgrading to the fixed versions mentioned in the security advisory.

Vulnerability/
CVE-2017-17221

high

8.8

CWE

9/3/2018

27/3/2018

CVE-2017-17221: Input Validation

First published: Fri Mar 09 2018(Updated: )

Import Signal Tone function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after the Signal Tone is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code.

Credit: psirt@huawei.com

Affected Software	Affected Version	How to fix
Huawei Espace 7950 Firmware	=v200r003c30
Huawei eSpace 7950
Huawei Espace 8950 Firmware	=v200r003c00
Huawei Espace 8950 Firmware	=v200r003c30
Huawei eSpace 8950

Never miss a vulnerability like this again

Reference Links

http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en

Frequently Asked Questions

What is CVE-2017-17221?
CVE-2017-17221 is a remote code execution vulnerability in the Import Signal Tone function of Huawei eSpace 7950 V200R003C30 and eSpace 8950 V200R003C00; V200R003C30.
How severe is CVE-2017-17221?
CVE-2017-17221 has a severity score of 8.8, which is considered high.
How does CVE-2017-17221 impact Huawei eSpace 7950 and eSpace 8950?
CVE-2017-17221 allows an authenticated, remote attacker to execute arbitrary code in the affected products.
What is the affected software version for CVE-2017-17221?
The affected software versions for CVE-2017-17221 are v200r003c30 for Huawei eSpace 7950 and v200r003c00/v200r003c30 for Huawei eSpace 8950.
How can CVE-2017-17221 be fixed?
To fix CVE-2017-17221, Huawei recommends upgrading to the fixed versions mentioned in the security advisory.

collector/nvd-index
vendor/huawei
canonical/huawei espace 7950 firmware
version/huawei espace 7950 firmware/v200r003c30
canonical/huawei espace 7950
canonical/huawei espace 8950 firmware
version/huawei espace 8950 firmware/v200r003c00
version/huawei espace 8950 firmware/v200r003c30
canonical/huawei espace 8950

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.