Vulnerability CVE-2017-15349


Published: 2018-02-15

Description:
Huawei CloudEngine 12800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 5800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 6800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 7800 V100R003C00, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Resource ReServation Protocol (RSVP) packets to the affected products. Due to not release the memory to handle the packets, successful exploit will result in memory leak of the affected products and lead to a DoS condition.

Type:

CWE-772

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Huawei -> Cloudengine 12800 firmware 
Huawei -> Cloudengine 5800 firmware 
Huawei -> Cloudengine 6800 firmware 
Huawei -> Cloudengine 7800 firmware 

 References:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-router-en

Copyright 2024, cxsecurity.com

 

Back to Top