Heap Overflow Vulnerability in Huawei Network Equipment Products
CVE-2017-17136

5.5MEDIUM

Key Information:

Vendor
McAfee
Status
Dp300; Ips Module; Ngfw Module; Nip6300; Nip6600; Rp200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace Usg6300; Secospace Usg6500; Secospace Usg6600; Te30; Te40; Te50; Te60; Tp3106; Tp3206; Usg9500; VieWPoint 9030
Vendor
CVE Published:
5 March 2018

Summary

This vulnerability resides in the PEM module of various Huawei network equipment and is characterized by a heap overflow due to insufficient verification of certificates. An authenticated local attacker can exploit this weakness by submitting a malicious certificate, potentially leading to application crashes and resulting in denial of service. The vulnerability affects multiple product versions across different Huawei models, emphasizing the need for prompt security updates and patches.

Affected Version(s)

DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030 DP300 V500R002C00

DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030 IPS Module V500R001C00

DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030 V500R001C30

References

http://www.huawei.com/en/psirt/security-advisories/huawei...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.