What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2017-17222.

What is the severity of CVE-2017-17222?

The severity of CVE-2017-17222 is high with a severity value of 8.8.

Which products are affected by CVE-2017-17222?

Huawei eSpace 7950 and Huawei eSpace 8950 firmware versions V200R003C30 and V200R003C00 are affected by CVE-2017-17222.

Is there a fix available for CVE-2017-17222?

It is recommended to refer to the official security advisory from Huawei for information on available patches or mitigations for CVE-2017-17222.

Vulnerability/
CVE-2017-17222

high

8.8

CWE

9/3/2018

27/3/2018

CVE-2017-17222

First published: Fri Mar 09 2018(Updated: )

Import Language Package function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after Language Package is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code.

Credit: psirt@huawei.com

Affected Software	Affected Version	How to fix
Huawei Espace 7950 Firmware	=v200r003c30
Huawei eSpace 7950
Huawei Espace 8950 Firmware	=v200r003c00
Huawei Espace 8950 Firmware	=v200r003c30
Huawei eSpace 8950

Never miss a vulnerability like this again

Reference Links

http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2017-17222.
What is the severity of CVE-2017-17222?
The severity of CVE-2017-17222 is high with a severity value of 8.8.
Which products are affected by CVE-2017-17222?
Huawei eSpace 7950 and Huawei eSpace 8950 firmware versions V200R003C30 and V200R003C00 are affected by CVE-2017-17222.
How does the vulnerability in Import Language Package function in Huawei eSpace 7950 and eSpace 8950 manifest?
The vulnerability manifests as a remote code execution vulnerability, where an authenticated, remote attacker can craft and send packets to the affected products after uploading a Language Package.
Is there a fix available for CVE-2017-17222?
It is recommended to refer to the official security advisory from Huawei for information on available patches or mitigations for CVE-2017-17222.

collector/nvd-index
vendor/huawei
product/espace 7950 firmware
canonical/huawei espace 7950 firmware
product/espace 7950
canonical/huawei espace 7950
product/espace 8950 firmware
canonical/huawei espace 8950 firmware
product/espace 8950
canonical/huawei espace 8950

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.