CVE-2017-17281

{"id": "CVE-2017-17281", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2018-03-09T17:29:01.703", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180228-01-sftp-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds read vulnerability. A remote, authenticated attacker could exploit this vulnerability by sending specially crafted messages to a target device. Successful exploit may cause some information leak."}, {"lang": "es", "value": "El m\u00f3dulo SFTP en Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00 y V600R006C00 tiene una vulnerabilidad de lectura fuera de l\u00edmites. Un atacante remoto autenticado podr\u00eda explotar esta vulnerabilidad enviando mensajes especialmente manipulados a un dispositivo objetivo. Un exploit con \u00e9xito podr\u00eda provocar un filtrado de informaci\u00f3n."}], "lastModified": "2018-03-29T12:47:58.137", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8871106B-D3AF-4CFB-A544-1FA411642428"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7F3483B2-9EB6-4E34-900A-945C04A3160D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:rp200_firmware:v600r006c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67731A77-1DD4-49B2-B437-2850C9583750"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "98275088-2FBE-42F4-AAEC-DF02950B803D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA3EF476-42D7-4758-8DCB-373F46BF1CF5"}, {"criteria": "cpe:2.3:o:huawei:te30_firmware:v500r002c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DEA387B-4F45-438F-8086-6E80B553163C"}, {"criteria": "cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "018039EB-7265-4B71-B462-4734FD1D0503"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1146F99B-5344-4CD3-AF3F-CD3FE6F6DD91"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:te40_firmware:v500r002c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDD87254-ABAD-4DFF-BC0D-2CF030063D6F"}, {"criteria": "cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "931FD3B3-A333-4277-AE55-494F5DB9F09F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "45C3AF58-E030-4E12-A2FD-A4337A5021ED"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:te50_firmware:v500r002c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF7A4D51-314B-4A77-86A7-9C5237BC4275"}, {"criteria": "cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A70F8924-DC80-4D6F-BA3E-DBFE32FED788"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A4F188B3-0A63-4704-9B0D-F8DF5D973FA5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "092C9FAF-8892-4E16-9C0E-BB1E3488C6C4"}, {"criteria": "cpe:2.3:o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01BC9042-0485-437F-811F-F8898B3B7EA7"}, {"criteria": "cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A29049D-F472-4772-8750-20730DA624E9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "999117E9-90C8-4E76-90B5-7D364C0B84BF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}