CVE-2017-17221
Summary
| CVE | CVE-2017-17221 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-03-09 17:29:00 UTC |
| Updated | 2018-03-27 20:42:00 UTC |
| Description | Import Signal Tone function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after the Signal Tone is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Huawei | Espace 7950 | - | All | All | All |
| Hardware | Huawei | Espace 7950 | - | All | All | All |
| Operating System | Huawei | Espace 7950 Firmware | v200r003c30 | All | All | All |
| Operating System | Huawei | Espace 7950 Firmware | v200r003c30 | All | All | All |
| Hardware | Huawei | Espace 8950 | - | All | All | All |
| Hardware | Huawei | Espace 8950 | - | All | All | All |
| Operating System | Huawei | Espace 8950 Firmware | v200r003c00 | All | All | All |
| Operating System | Huawei | Espace 8950 Firmware | v200r003c30 | All | All | All |
| Operating System | Huawei | Espace 8950 Firmware | v200r003c00 | All | All | All |
| Operating System | Huawei | Espace 8950 Firmware | v200r003c30 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Advisory - Two Remote Code Execution Vulnerabilities in Huawei eSpace Product | CONFIRM | www.huawei.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.