SIP Module Overflow Vulnerability in Huawei Products
CVE-2017-17143

5.3MEDIUM

Key Information:

Vendor: McAfee
Status: Dp300; Rp200; Rse6500; Te30; Te40; Te50; Te60; Tp3106; Tp3206; VieWPoint 9030; Espace U1960; Espace U1981
Vendor: CVE Published:; 5 March 2018

Summary

The SIP module in Huawei products has a significant overflow vulnerability that arises from its inability to properly parse malformed SIP messages while validating specific variables. This flaw can potentially allow an attacker to trigger a process to reboot unexpectedly, possibly leading to service interruptions.

Affected Version(s)

DP300; RP200; RSE6500; TE30; TE40; TE50; TE60; TP3106; TP3206; ViewPoint 9030; eSpace U1960; eSpace U1981 DP300 V500R002C00

DP300; RP200; RSE6500; TE30; TE40; TE50; TE60; TP3106; TP3206; ViewPoint 9030; eSpace U1960; eSpace U1981 V500R002C00SPC100

DP300; RP200; RSE6500; TE30; TE40; TE50; TE60; TP3106; TP3206; ViewPoint 9030; eSpace U1960; eSpace U1981 V500R002C00SPC200

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 5, 2018
Vulnerability Reserved
Dec 4, 2017