CVE-2017-17223 - OpenCVE

Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 have a directory traversal vulnerability. An authenticated, remote attacker can craft specific URL to the affected products. Due to insufficient verification of the URL, successful exploit will upload and download files and cause information leak and system crash.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Complete

AV:N/AC:L/Au:S/C:P/I:P/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Espace 7910 Espace 7910 Firmware Espace 7950 Espace 7950 Firmware Espace 8950 Espace 8950 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:espace_7910_firmware:v200r003c30:*:*:*:*:*:*:*

cpe:2.3:h:huawei:espace_7910:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:espace_7950_firmware:v200r003c30:*:*:*:*:*:*:*

cpe:2.3:h:huawei:espace_7950:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:huawei:espace_8950_firmware:v200r003c00:::::::*
	cpe:2.3:o:huawei:espace_8950_firmware:v200r003c30:::::::*

cpe:2.3:h:huawei:espace_8950:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-02-espace-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2018-03-09T17:00:00

Updated: 2024-08-05T20:44:00.244Z

Reserved: 2017-12-04T00:00:00

Link: CVE-2017-17223

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-03-09T17:29:01.347

Modified: 2018-03-26T17:26:08.040

Link: CVE-2017-17223

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "eSpace 7910; eSpace 7950; eSpace 8950", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "eSpace 7910 V200R003C30"}, {"status": "affected", "version": "eSpace 7950 V200R003C30"}, {"status": "affected", "version": "eSpace 8950 V200R003C00"}, {"status": "affected", "version": "V200R003C30"}]}], "datePublic": "2018-01-31T00:00:00", "descriptions": [{"lang": "en", "value": "Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 have a directory traversal vulnerability. An authenticated, remote attacker can craft specific URL to the affected products. Due to insufficient verification of the URL, successful exploit will upload and download files and cause information leak and system crash."}], "problemTypes": [{"descriptions": [{"description": "directory traversal", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-09T16:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-02-espace-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2017-17223", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "eSpace 7910; eSpace 7950; eSpace 8950", "version": {"version_data": [{"version_value": "eSpace 7910 V200R003C30"}, {"version_value": "eSpace 7950 V200R003C30"}, {"version_value": "eSpace 8950 V200R003C00"}, {"version_value": "V200R003C30"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 have a directory traversal vulnerability. An authenticated, remote attacker can craft specific URL to the affected products. Due to insufficient verification of the URL, successful exploit will upload and download files and cause information leak and system crash."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "directory traversal"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-02-espace-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-02-espace-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:44:00.244Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-02-espace-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-17223", "datePublished": "2018-03-09T17:00:00", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2024-08-05T20:44:00.244Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:espace_7910_firmware:v200r003c30:*:*:*:*:*:*:*", "matchCriteriaId": "2BD48657-22D4-4CAD-88DB-F60A2964CABF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:espace_7910:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC59BBCD-9CBC-4D16-AB67-5C28FE9CFAF2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:espace_7950_firmware:v200r003c30:*:*:*:*:*:*:*", "matchCriteriaId": "4523A712-FF77-4BDA-B213-0AE2BDC4152C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:espace_7950:-:*:*:*:*:*:*:*", "matchCriteriaId": "185783AE-3135-471E-8D55-4BAB3A187F21", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:espace_8950_firmware:v200r003c00:*:*:*:*:*:*:*", "matchCriteriaId": "72548F60-D6B8-4498-8668-9074A706C3A7", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:espace_8950_firmware:v200r003c30:*:*:*:*:*:*:*", "matchCriteriaId": "6E0B1E39-ACEB-44FB-BDDE-F3856CF6137A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:espace_8950:-:*:*:*:*:*:*:*", "matchCriteriaId": "D8BFC4FD-DC7A-47E9-BC06-86F11E2211AE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 have a directory traversal vulnerability. An authenticated, remote attacker can craft specific URL to the affected products. Due to insufficient verification of the URL, successful exploit will upload and download files and cause information leak and system crash."}, {"lang": "es", "value": "Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30 y eSpace 8950 V200R003C00 y V200R003C30 tienen una vulnerabilidad de salto de directorio. Un atacante remoto autenticado podr\u00eda manipular un archivo URL espec\u00edficas en los productos afectados. Dada la validaci\u00f3n insuficiente de la URL, un exploit con \u00e9xito cargar\u00e1 y descargar\u00e1 archivos y provocar\u00e1 un filtrado de informaci\u00f3n y el cierre inesperado del sistema."}], "id": "CVE-2017-17223", "lastModified": "2018-03-26T17:26:08.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-09T17:29:01.347", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-02-espace-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}