Out-of-Bounds Memory Access Vulnerability in Huawei DP300 and Other Products
CVE-2017-17137

5.5MEDIUM

Key Information:

Vendor
McAfee
Status
Dp300; Ips Module; Ngfw Module; Nip6300; Nip6600; Rp200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace Usg6300; Secospace Usg6500; Secospace Usg6600; Te30; Te40; Te50; Te60; Tp3106; Tp3206; Usg9500; VieWPoint 9030
Vendor
CVE Published:
5 March 2018

Summary

The PEM module and various other Huawei products are affected by an out-of-bounds memory access vulnerability caused by insufficient verification of input data. An authenticated local attacker can potentially exploit this flaw by submitting a malicious certificate to the system, leading to a denial of service through the crash of processing. Proper validation of input credentials is essential to mitigate this risk.

Affected Version(s)

DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030 DP300 V500R002C00

DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030 IPS Module V500R001C00

DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030 V500R001C30

References

http://www.huawei.com/en/psirt/security-advisories/huawei...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.