Strix
26.1K

CVE-2017-15333

UnknownEPSS 0.49%

Last modified

CVE-2017-15333 is a vulnerability of currently unknown severity. XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DOS vulnerability. An attacker may craft specific XML files to the affected products. EPSS estimates a 0.49% chance of exploitation in the next 30 days.

Description

XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DOS vulnerability. An attacker may craft specific XML files to the affected products. Due to not check the specially XML file and to parse this file, successful exploit will result in DOS attacks.

Metrics

EPSS Probability
0.49%

38.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
HuaweiS12700 Firmwarev200r005c00
HuaweiS1700 Firmwarev200r009c00
HuaweiS1700 Firmwarev200r010c00
HuaweiS5700 Firmwarev200r001c00
HuaweiS5700 Firmwarev200r002c00
HuaweiS5700 Firmwarev200r003c00
HuaweiS5700 Firmwarev200r003c02
HuaweiS5700 Firmwarev200r005c00
HuaweiS5700 Firmwarev200r006c00
HuaweiS5700 Firmwarev200r007c00
HuaweiS5700 Firmwarev200r008c00
HuaweiS5700 Firmwarev200r009c00
HuaweiS5700 Firmwarev200r010c00
HuaweiS6700 Firmwarev200r001c00
HuaweiS6700 Firmwarev200r002c00
HuaweiS6700 Firmwarev200r003c00
HuaweiS6700 Firmwarev200r005c00
HuaweiS6700 Firmwarev200r005c02
HuaweiS6700 Firmwarev200r008c00
HuaweiS6700 Firmwarev200r009c00
HuaweiS6700 Firmwarev200r010c00
HuaweiS7700 Firmwarev200r001c00
HuaweiS7700 Firmwarev200r002c00
HuaweiS7700 Firmwarev200r003c00
HuaweiS7700 Firmwarev200r005c00
HuaweiS7700 Firmwarev200r006c00
HuaweiS7700 Firmwarev200r007c00
HuaweiS7700 Firmwarev200r008c00
HuaweiS7700 Firmwarev200r009c00
HuaweiS7700 Firmwarev200r010c00
HuaweiS9700 Firmwarev200r001c00
HuaweiS9700 Firmwarev200r002c00
HuaweiS9700 Firmwarev200r003c00
HuaweiS9700 Firmwarev200r005c00
HuaweiS9700 Firmwarev200r006c00
HuaweiS9700 Firmwarev200r007c00
HuaweiS9700 Firmwarev200r008c00
HuaweiS9700 Firmwarev200r009c00
HuaweiS9700 Firmwarev200r010c00
HuaweiEcns210 Td Firmwarev100r004c10
HuaweiEcns210 Td Firmwarev100r004c10spc003
HuaweiEcns210 Td Firmwarev100r004c10spc100
HuaweiEcns210 Td Firmwarev100r004c10spc101
HuaweiEcns210 Td Firmwarev100r004c10spc102
HuaweiEcns210 Td Firmwarev100r004c10spc200
HuaweiEcns210 Td Firmwarev100r004c10spc221
HuaweiEcns210 Td Firmwarev100r004c10spc400

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2017-15333?
XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DOS vulnerability. An attacker may craft specific XML files to the affected products. Due to not check the specially XML file and to parse this file, successful exploit will result in DOS attacks.
How severe is CVE-2017-15333?
Severity scoring for CVE-2017-15333 is pending analysis. The EPSS model estimates a 0.49% probability of exploitation in the next 30 days.
How do I fix CVE-2017-15333?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-15333?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST