Memory Leak Vulnerability in Huawei CloudEngine Switches
CVE-2017-15349

7.5HIGH

Key Information:

Vendor: McAfee
Status: Cloudengine 12800,cloudengine 5800,cloudengine 6800,cloudengine 7800,
Vendor: CVE Published:; 15 February 2018

Summary

A memory leak vulnerability exists in Huawei's CloudEngine series, specifically affecting multiple versions of the 12800, 5800, 6800, and 7800 models. This vulnerability allows unauthenticated attackers to send specially crafted Resource Reservation Protocol (RSVP) packets to the affected devices. The failure to properly release memory allocated for these packets can lead to a gradual depletion of system resources, resulting in degraded performance or denial of service (DoS) conditions. Network administrators should consider monitoring for unusual RSVP traffic and applying security patches provided by Huawei to mitigate the risk.

Affected Version(s)

CloudEngine 12800,CloudEngine 5800,CloudEngine 6800,CloudEngine 7800, CloudEngine 12800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 5800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 6800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 7800 V100R003C00, V100R005C00, V100R005C10, V100R006C00

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 15, 2018
Vulnerability Reserved
Oct 14, 2017