Null Pointer Reference Vulnerability in Huawei VP9660 License Module
CVE-2017-17133

5.5MEDIUM

Key Information:

Vendor: McAfee
Status: Vp9660
Vendor: CVE Published:; 5 March 2018

Summary

The Huawei VP9660 V500R002C10 contains a null pointer reference vulnerability within its license module, stemming from inadequate verification processes. This issue can be exploited by an authenticated local attacker who places a malicious license file in the system. The exploitation leads to attempts to access memory via a null pointer, resulting in crashes during processing. Such vulnerabilities can be used to execute denial-of-service attacks, compromising system stability and performance.

Affected Version(s)

VP9660 V500R002C10

References

http://www.huawei.com/en/psirt/security-advisories/2017/h...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 5, 2018
Vulnerability Reserved
Dec 4, 2017