CVE-2017-17168

The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. Affected Huawei Products are: DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00; RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; eSpace U1981 version V200R003C20SPC900.

Published: Mar 9, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-17168
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:N/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
huawei / dp300_firmware	500r002c00	500r002c00.x
huawei / dp300_firmware	500r002c00b010	500r002c00b010.x
huawei / dp300_firmware	500r002c00b011	500r002c00b011.x
huawei / dp300_firmware	500r002c00b012	500r002c00b012.x
huawei / dp300_firmware	500r002c00b013	500r002c00b013.x
huawei / dp300_firmware	500r002c00b014	500r002c00b014.x
huawei / dp300_firmware	500r002c00b017	500r002c00b017.x
huawei / dp300_firmware	500r002c00b018	500r002c00b018.x
huawei / dp300_firmware	500r002c00spc100	500r002c00spc100.x
huawei / dp300_firmware	500r002c00spc200	500r002c00spc200.x
huawei / dp300_firmware	500r002c00spc300	500r002c00spc300.x
huawei / dp300_firmware	500r002c00spc400	500r002c00spc400.x
huawei / dp300_firmware	500r002c00spc500	500r002c00spc500.x
huawei / dp300_firmware	500r002c00spc600	500r002c00spc600.x
huawei / dp300_firmware	500r002c00spc800	500r002c00spc800.x
huawei / dp300_firmware	500r002c00spc900	500r002c00spc900.x
huawei / dp300_firmware	500r002c00spca00	500r002c00spca00.x

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en

Vulnerability Database

289,599

CVE-2017-17168