What is the severity of CVE-2017-17308?

The severity of CVE-2017-17308 is medium with a severity value of 5.3.

How does the CVE-2017-17308 vulnerability manifest?

The CVE-2017-17308 vulnerability manifests as an invalid memory access vulnerability in the SCCPX module of the affected Huawei products.

Is authentication required to exploit CVE-2017-17308?

No, CVE-2017-17308 can be exploited by an unauthenticated, remote attacker.

How can I fix CVE-2017-17308?

To fix CVE-2017-17308, it is recommended to apply the necessary security updates provided by Huawei.

Vulnerability/
CVE-2017-17308

medium

5.3

CWE

11/4/2018

23/5/2018

CVE-2017-17308

First published: Wed Apr 11 2018(Updated: )

SCCPX module in Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 has an invalid memory access vulnerability. An unauthenticated, remote attacker may send specially crafted packets to the affected products. Due to insufficient validation of packets, successful exploit may cause some services abnormal.

Credit: psirt@huawei.com

Affected Software	Affected Version	How to fix
Huawei Dp300 Firmware	=v500r002c00spcb00
Huawei DP300
Huawei Rp200 Firmware	=v500r002c00
Huawei Rp200 Firmware	=v600r006c00
Huawei Rp200
Huawei Te30 Firmware	=v100r001c10
Huawei Te30 Firmware	=v500r002c00
Huawei Te30 Firmware	=v600r006c00
Huawei TE30
Huawei Te40 Firmware	=v500r002c00
Huawei Te40 Firmware	=v600r006c00
Huawei Te40
Huawei Te50 Firmware	=v500r002c00
Huawei Te50 Firmware	=v600r006c00
Huawei Te50
Huawei Te60 Firmware	=v100r001c10
Huawei Te60 Firmware	=v500r002c00
Huawei Te60 Firmware	=v600r006c00
Huawei TE60

Never miss a vulnerability like this again

Reference Links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180411-01-sccpx-en

Frequently Asked Questions

What is the severity of CVE-2017-17308?
The severity of CVE-2017-17308 is medium with a severity value of 5.3.
Which Huawei products are affected by CVE-2017-17308?
Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 are affected by CVE-2017-17308.
How does the CVE-2017-17308 vulnerability manifest?
The CVE-2017-17308 vulnerability manifests as an invalid memory access vulnerability in the SCCPX module of the affected Huawei products.
Is authentication required to exploit CVE-2017-17308?
No, CVE-2017-17308 can be exploited by an unauthenticated, remote attacker.
How can I fix CVE-2017-17308?
To fix CVE-2017-17308, it is recommended to apply the necessary security updates provided by Huawei.

collector/nvd-index
vendor/huawei
product/dp300 firmware
canonical/huawei dp300 firmware
product/dp300
canonical/huawei dp300
product/rp200 firmware
canonical/huawei rp200 firmware
product/rp200
canonical/huawei rp200
product/te30 firmware
canonical/huawei te30 firmware
product/te30
canonical/huawei te30
product/te40 firmware
canonical/huawei te40 firmware
product/te40
canonical/huawei te40
product/te50 firmware
canonical/huawei te50 firmware
product/te50
canonical/huawei te50
product/te60 firmware
canonical/huawei te60 firmware
product/te60
canonical/huawei te60

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.