Multiple vulnerabilities in HPE Edgeline EL300 Converged Edge System
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2021-23017 CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 CVE-2017-13704 |
| CWE-ID | CWE-193 CWE-122 CWE-401 CWE-400 CWE-119 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #6 is available. Public exploit code for vulnerability #7 is available. |
| Vulnerable software Subscribe |
Edgeline EL300 Converged Edge System Other software / Other software solutions |
| Vendor | HPE |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Off-by-one
EUVDB-ID: #VU53543
Risk: High
CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-23017
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an off-by-one error within the ngx_resolver_copy() function when processing DNS responses. A remote attacker can trigger an off-by-one error, write a dot character (‘.’, 0x2E) out of bounds in a heap allocated buffer and execute arbitrary code on the system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
The vulnerability can be triggered by a DNS response in reply to a DNS request from nginx when the resolver primitive is configured. A specially crafted packet allows overwriting the least significant byte of next heap chunk metadata with 0x2E.
MitigationInstall update from vendor's website.
Vulnerable software versionsEdgeline EL300 Converged Edge System: before 1.50
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04214en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Heap-based buffer overflow
EUVDB-ID: #VU8660
Risk: High
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-14491
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error in dnsmasq.c file when processing DNS replies. A remote unauthenticated attacker can send specially crafted DNS packets to the affected service, trigger heap-based buffer overflow by 2 bytes and crash the service or execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsEdgeline EL300 Converged Edge System: before 1.50
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04214en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Heap-based buffer overflow
EUVDB-ID: #VU8661
Risk: Medium
CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-14492
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing IPv6 router advertisements. A remote unauthenticated attacker on local network can send specially crafted IPv6 router advertisement to the affected service, trigger heap-based buffer overflow and crash the service or execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsEdgeline EL300 Converged Edge System: before 1.50
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04214en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Heap-based buffer overflow
EUVDB-ID: #VU8662
Risk: Medium
CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-14493
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing DHCPv6 requests. A remote unauthenticated attacker on local network can send specially crafted DHCPv6 request to the affected service, trigger heap-based buffer overflow and crash the service or execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsEdgeline EL300 Converged Edge System: before 1.50
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04214en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Memory leak
EUVDB-ID: #VU8663
Risk: Low
CVSSv3.1: 4.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-14494
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to memory leak when processing DHCPv6 requests. A remote unauthenticated attacker on local network can send specially crafted DHCPv6 request to the affected service and cause dnsmasq to forward memory from outside the packet buffer to a DHCPv6 server when acting as a relay.
Successful exploitation of this vulnerability may allow an attacker to read parts of memory from the affected system and bypass ASLR.
MitigationInstall update from vendor's website.
Vulnerable software versionsEdgeline EL300 Converged Edge System: before 1.50
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04214en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Memory exhaustion
EUVDB-ID: #VU8664
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-14495
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect memory allocation (memory is never freed) in add_pseudoheader() function when processing DNS queries. A remote unauthenticated attacker can send a specially crafted DNS request to the affected service and cause dnsmasq to consume all available memory.
Successful exploitation of this vulnerability may allow an attacker to perform a denial of service (DoS) attack, but requires that dnsmasq is compiled with --add-mac, --add-cpe-id or --add-subnet option.
Install update from vendor's website.
Vulnerable software versionsEdgeline EL300 Converged Edge System: before 1.50
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04214en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
7) Memory corruption
EUVDB-ID: #VU8665
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-14496
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in add_pseudoheader() function when processing DNS queries. A remote unauthenticated attacker can send a specially crafted DNS request to the affected service, cause dnsmasq to call memcpy with negative size and crash.
Successful exploitation of this vulnerability may allow an attacker to perform a denial of service (DoS) attack, but requires that dnsmasq is compiled with --add-mac, --add-cpe-id or --add-subnet option.
Install update from vendor's website.
Vulnerable software versionsEdgeline EL300 Converged Edge System: before 1.50
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04214en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
8) Memory corruption
EUVDB-ID: #VU8666
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13704
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in when processing DNS queries longer than 512 bytes or EDNS0 packet size is different. A remote unauthenticated attacker can send a specially crafted DNS request to the affected service and trigger the application crash.
Successful exploitation of this vulnerability may allow an attacker to perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsEdgeline EL300 Converged Edge System: before 1.50
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04214en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
