Vulnerability CVE-2017-17151


Published: 2018-02-15

Description:
Huawei AR100, AR100-S, AR110-S, AR120, AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR510, DP300, NetEngine16EX, RP200, SRG1300, SRG2300, SRG3300, TE30, TE40, TE50, TE60, TP3106, TP3206, ViewPoint 8660, and ViewPoint 9030 have an insufficient validation vulnerability. Since packet validation is insufficient, an unauthenticated attacker may send special H323 packets to exploit the vulnerability. Successful exploit could allow the attacker to send malicious packets and result in DOS attacks.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Huawei -> Ar100-s firmware 
Huawei -> Dp300 firmware 
Huawei -> Ar100 firmware 
Huawei -> Netengine16ex firmware 
Huawei -> Ar110-s firmware 
Huawei -> Rp200 firmware 
Huawei -> Ar120-s firmware 
Huawei -> Srg1300 firmware 
Huawei -> Ar1200-s firmware 
Huawei -> Srg2300 firmware 
Huawei -> Ar1200 firmware 
Huawei -> Srg3300 firmware 
Huawei -> Ar120 firmware 
Huawei -> Te30 firmware 
Huawei -> Ar150-s firmware 
Huawei -> Te40 firmware 
Huawei -> Ar150 firmware 
Huawei -> Te50 firmware 
Huawei -> Ar160 firmware 
Huawei -> Te60 firmware 
Huawei -> Ar200-s firmware 
Huawei -> Tp3106 firmware 
Huawei -> Ar200 firmware 
Huawei -> Tp3206 firmware 
Huawei -> Ar2200-s firmware 
Huawei -> Viewpoint 8660 firmware 
Huawei -> Ar2200 firmware 
Huawei -> Viewpoint 9030 firmware 
Huawei -> Ar3200 firmware 
Huawei -> Ar510 firmware 

 References:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-h323-en

Copyright 2020, cxsecurity.com

 

Back to Top