CVE-2017-15315 - OpenCVE

Patch module of Huawei NIP6300 V500R001C20SPC100, V500R001C20SPC200, NIP6600 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6300 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6500 V500R001C20SPC100, V500R001C20SPC200 has a memory leak vulnerability. An authenticated attacker could execute special commands many times, the memory leaking happened, which would cause the device to reset finally.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:S/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	Nip6300 Nip6600 Secospace Usg6300 Nip6600 Firmware Secospace Usg6500 Firmware Secospace Usg6300 Firmware Nip6300 Firmware Secospace Usg6500

Configuration 1 [-]

AND

OR	cpe:2.3:o:huawei:nip6300_firmware:v500r001c20spc100:::::::*
	cpe:2.3:o:huawei:nip6300_firmware:v500r001c20spc200:::::::*

cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:huawei:nip6600_firmware:v500r001c20spc100:::::::*
	cpe:2.3:o:huawei:nip6600_firmware:v500r001c20spc200:::::::*

cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc100:::::::*
	cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc200:::::::*

cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

OR	cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc100:::::::*
	cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc200:::::::*

cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-command-en	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2018-03-09T21:00:00

Updated: 2018-03-09T20:57:01

Reserved: 2017-10-14T00:00:00

Link: CVE-2017-15315

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-03-09T21:29:00.517

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-15315

JSON object: View

Redhat Information

No data.

CWE

CWE-772

{"containers": {"cna": {"affected": [{"product": "NIP6300,NIP6600,Secospace USG6300,Secospace USG6500", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "NIP6300 V500R001C20SPC100, V500R001C20SPC200,NIP6600 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6300 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6500 V500R001C20SPC100, V500R001C20SPC200"}]}], "datePublic": "2017-11-29T00:00:00", "descriptions": [{"lang": "en", "value": "Patch module of Huawei NIP6300 V500R001C20SPC100, V500R001C20SPC200, NIP6600 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6300 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6500 V500R001C20SPC100, V500R001C20SPC200 has a memory leak vulnerability. An authenticated attacker could execute special commands many times, the memory leaking happened, which would cause the device to reset finally."}], "problemTypes": [{"descriptions": [{"description": "Memory Leak", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-09T20:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-command-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2017-15315", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NIP6300,NIP6600,Secospace USG6300,Secospace USG6500", "version": {"version_data": [{"version_value": "NIP6300 V500R001C20SPC100, V500R001C20SPC200,NIP6600 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6300 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6500 V500R001C20SPC100, V500R001C20SPC200"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Patch module of Huawei NIP6300 V500R001C20SPC100, V500R001C20SPC200, NIP6600 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6300 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6500 V500R001C20SPC100, V500R001C20SPC200 has a memory leak vulnerability. An authenticated attacker could execute special commands many times, the memory leaking happened, which would cause the device to reset finally."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Memory Leak"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-command-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-command-en"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-15315", "datePublished": "2018-03-09T21:00:00", "dateReserved": "2017-10-14T00:00:00", "dateUpdated": "2018-03-09T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:nip6300_firmware:v500r001c20spc100:*:*:*:*:*:*:*", "matchCriteriaId": "80CC85C8-F102-4E5F-BAD3-9658D87CE953", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:nip6300_firmware:v500r001c20spc200:*:*:*:*:*:*:*", "matchCriteriaId": "CD3921D5-81A0-4700-A302-7F4C276D4ABE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E054182-CE33-45E3-8595-159A75BA5162", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:nip6600_firmware:v500r001c20spc100:*:*:*:*:*:*:*", "matchCriteriaId": "9038E75D-50F4-4849-BD2C-8846A353B53E", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:nip6600_firmware:v500r001c20spc200:*:*:*:*:*:*:*", "matchCriteriaId": "0545D687-6670-41B4-A1B1-1048879658B8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE8CA649-7AE1-497C-869B-B4DD315F342C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc100:*:*:*:*:*:*:*", "matchCriteriaId": "8BBE3431-EBFA-4C4A-97B1-6384869FD197", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc200:*:*:*:*:*:*:*", "matchCriteriaId": "9F11B551-9147-4DCA-8FEF-0874EEB83984", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*", "matchCriteriaId": "C281B511-7A27-4FC6-9427-AE5AD7C302F3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc100:*:*:*:*:*:*:*", "matchCriteriaId": "0B7BA85B-9D77-44C2-B91D-5C8FC20B25A1", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc200:*:*:*:*:*:*:*", "matchCriteriaId": "2ED44F95-064A-4E85-A030-B15E88FBEAB4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*", "matchCriteriaId": "0ED6E342-26E7-45DF-AC3F-EFEBAE3DDDF0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Patch module of Huawei NIP6300 V500R001C20SPC100, V500R001C20SPC200, NIP6600 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6300 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6500 V500R001C20SPC100, V500R001C20SPC200 has a memory leak vulnerability. An authenticated attacker could execute special commands many times, the memory leaking happened, which would cause the device to reset finally."}, {"lang": "es", "value": "El m\u00f3dulo patch en Huawei NIP6300 V500R001C20SPC100, V500R001C20SPC200, NIP6600 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6300 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6500 V500R001C20SPC100 y V500R001C20SPC200 tienen una vulnerabilidad de filtrado de memoria. Un atacante autenticado podr\u00eda ejecutar comandos especiales en numerosas ocasiones, por lo que ocurrir\u00eda un filtrado de memoria y, finalmente, el dispositivo se reiniciar\u00eda"}], "id": "CVE-2017-15315", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-09T21:29:00.517", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-command-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-772"}], "source": "nvd@nist.gov", "type": "Primary"}]}