SIP Module Overflow Vulnerability in Huawei Networking Products
CVE-2017-17142

5.3MEDIUM

Key Information:

Vendor: McAfee
Status: Dp300; Rp200; Rse6500; Te30; Te40; Te50; Te60; Tp3106; Tp3206; VieWPoint 9030; Espace U1960; Espace U1981
Vendor: CVE Published:; 5 March 2018

Summary

The SIP module in several Huawei products suffers from an overflow vulnerability, which can be exploited by attackers through specially crafted SIP messages. This can lead to an unexpected process reboot, potentially disrupting services and impacting network stability. It is essential for organizations using affected products to apply security updates and implement monitoring to detect and mitigate any attempts of exploitation.

Affected Version(s)

DP300; RP200; RSE6500; TE30; TE40; TE50; TE60; TP3106; TP3206; ViewPoint 9030; eSpace U1960; eSpace U1981 DP300 V500R002C00

DP300; RP200; RSE6500; TE30; TE40; TE50; TE60; TP3106; TP3206; ViewPoint 9030; eSpace U1960; eSpace U1981 V500R002C00SPC100

DP300; RP200; RSE6500; TE30; TE40; TE50; TE60; TP3106; TP3206; ViewPoint 9030; eSpace U1960; eSpace U1981 V500R002C00SPC200

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 5, 2018
Vulnerability Reserved
Dec 4, 2017