Vulnerability CVE-2017-17250


Published: 2018-03-09

Description:
Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; AR150 V200R005C32; AR150-S V200R005C32; AR160 V200R005C32; AR200 V200R005C32; AR200-S V200R005C32; AR2200-S V200R005C32; AR3200 V200R005C32; V200R007C00; AR510 V200R005C32; NetEngine16EX V200R005C32; SRG1300 V200R005C32; SRG2300 V200R005C32; SRG3300 V200R005C32 have an out-of-bounds write vulnerability. When a user executes a query command after the device received an abnormal OSPF message, the software writes data past the end of the intended buffer due to the insufficient verification of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending abnormal OSPF messages to the device. A successful exploit could cause the system to crash.

Type:

CWE-787

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.1/10
6.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Huawei -> S6700 firmware 
Huawei -> Ar120-s firmware 
Huawei -> S7700 firmware 
Huawei -> Ar1200-s firmware 
Huawei -> S9700 firmware 
Huawei -> Ar1200 firmware 
Huawei -> Srg1300 firmware 
Huawei -> Ar150-s firmware 
Huawei -> Srg2300 firmware 
Huawei -> Ar150 firmware 
Huawei -> Srg3300 firmware 
Huawei -> Ar160 firmware 
Huawei -> Ar200-s firmware 
Huawei -> Ar200 firmware 
Huawei -> Ar2200-s firmware 
Huawei -> Ar3200 firmware 
Huawei -> Ar510 firmware 
Huawei -> Netengine16ex firmware 
Huawei -> S12700 firmware 
Huawei -> S2700 firmware 
Huawei -> S5700 firmware 

 References:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180214-01-ospf-en

Copyright 2021, cxsecurity.com

 

Back to Top