CVE-2017-17304

Summary

The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. Affected Huawei Products are: DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00; RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; eSpace U1981 version V200R003C20SPC900.

Affected Software

VendorProductVersion RangeStatus
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V500R002C00affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V500R002C00B010affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V500R002C00B011affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V500R002C00B012affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V500R002C00B013affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V500R002C00B014affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V500R002C00B017affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V500R002C00B018affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V500R002C00SPC100affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V500R002C00SPC200affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V500R002C00SPC300affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V500R002C00SPC400affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V500R002C00SPC500affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V500R002C00SPC600affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V500R002C00SPC800affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V500R002C00SPC900affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V500R002C00SPCa00affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V600R006C00affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V600R006C00SPC200affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V600R006C00SPC300affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V600R006C00SPC400affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V600R006C00SPC500affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V100R001C10SPC300affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V100R001C10SPC500affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V100R001C10SPC600affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V100R001C10SPC700B010affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V500R002C00SPC700affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V500R002C00SPCb00affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V100R001C10affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V100R001C10B001affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V100R001C10B002affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V100R001C10B010affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V100R001C10B011affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V100R001C10B012affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V100R001C10B013affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V100R001C10B014affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V100R001C10B016affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V100R001C10B017affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V100R001C10B018affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V100R001C10B019affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V100R001C10SPC400affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V100R001C10SPC700affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V100R001C10SPC800B011affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V100R001C10SPC900affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V500R002C00SPCd00affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V500R002C00SPCe00affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V600R006C00SPC100affected
n/aDP300, RP200, TE30, TE40, TE50, TE60, eSpace U1981V200R003C20SPC900affected

Weaknesses

  • Input Validation

ADP Enrichment

CVE Program Container

Additional References

References