Denial of Service Vulnerability in Huawei DP300, RP200, and TE series
CVE-2017-17131

5.7MEDIUM

Key Information:

Vendor: McAfee
Status: Dp300; Rp200; Te30; Te50; Te60; Vp9660
Vendor: CVE Published:; 6 December 2017

Summary

A Denial of Service vulnerability exists in several Huawei products, including the DP300, RP200, and TE series, due to inadequate validation of parameters when loading a putty comment key. This flaw could be exploited by an authenticated remote attacker who uploads a malformed putty key file, creating an infinite loop that causes the system to reboot. This vulnerability highlights the importance of ensuring proper validation of input parameters to maintain system integrity and availability.

Affected Version(s)

DP300; RP200; TE30; TE50; TE60; VP9660 DP300 V500R002C00

DP300; RP200; TE30; TE50; TE60; VP9660 RP200 V500R002C00

DP300; RP200; TE30; TE50; TE60; VP9660 V600R006C00

References

http://www.huawei.com/en/psirt/security-advisories/2017/h...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 6, 2017
Vulnerability Reserved
Dec 4, 2017