CVE-2017-17138

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 98.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Dp300 Firmware Huawei IPS Module Firmware Huawei Ngfw Module Firmware +21 more

Timeline

PublishedMar 5

Latest updateMay 14

Description

PEM module of DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V…

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages24 packages

▶NVDhuawei/ngfw_module_firmwarev500r001c00, v500r002c00+1

▶NVDhuawei/ips_module_firmwarev500r001c00, v500r001c30+1

▶NVDhuawei/secospace_usg6300_firmwarev500r001c00, v500r001c30+1

▶NVDhuawei/secospace_usg6500_firmwarev500r001c00, v500r001c30+1

▶NVDhuawei/secospace_usg6600_firmwarev500r001c00, v500r001c30s+1

🔴Vulnerability Details

GHSA

GHSA-9274-jv3g-h7g3: PEM module of DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600↗2022-05-14

▶

CVEList

CVE-2017-17138: PEM module of DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600↗2018-03-05

▶