Denial of Service Vulnerability in Huawei XML Parsers
CVE-2017-15333

4.7MEDIUM

Key Information:

Vendor

McAfee
Status
S12700, S1700,s3700,s5700,s6700,s7700, S9700, Ecns210 Td
Vendor
CVE Published:
15 February 2018

What is CVE-2017-15333?

The XML parser in multiple Huawei products contains a Denial of Service vulnerability that can be exploited by an attacker to cause a service interruption. By crafting specific XML files and sending them to the affected devices, the vulnerability allows the parser to be triggered without proper validation, leading to potential service outages. Users of the impacted products should apply the appropriate security measures as suggested in Huawei's advisory.

Affected Version(s)

S12700, S1700,S3700,S5700,S6700,S7700, S9700, eCNS210_TD S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400,

References

http://www.huawei.com/en/psirt/security-advisories/huawei...
x_refsource_CONFIRM

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.