Denial of Service Vulnerability in Huawei Networking Products
CVE-2017-15346

4.7MEDIUM

Key Information:

Vendor
McAfee
Status
S12700, S1700,s3700,s5700,s6700,s7700, S9700, Ecns210 Td
Vendor
CVE Published:
15 February 2018

Summary

The XML parser in various Huawei networking products is susceptible to Denial of Service (DoS) attacks. By crafting malicious XML files that exploit the parser's lack of validation checks, an attacker can trigger a DoS condition. This vulnerability affects numerous models within the S series and eCNS210_TD, allowing for disruptions in service where unauthorized access leads to product unavailability. Users should prioritize updates and security measures to mitigate this risk.

Affected Version(s)

S12700, S1700,S3700,S5700,S6700,S7700, S9700, eCNS210_TD S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400,

References

http://www.huawei.com/en/psirt/security-advisories/huawei...
x_refsource_CONFIRM

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.