Resource Exhaustion Vulnerability in Huawei Networking Products
CVE-2017-17166

5.3MEDIUM

Key Information:

Vendor

McAfee
Status
Dp300, Secospace Usg6300,secospace Usg6500,secospace Usg6600,tp3206, Vp9660
Vendor
CVE Published:
15 February 2018

What is CVE-2017-17166?

Huawei networking devices such as the DP300 and various models of the Secospace USG series exhibit a resource exhaustion vulnerability due to improper handling of certain fields in H.323 messages. Attackers can exploit this flaw by sending specially crafted H.323 messages, which could lead to service unavailability as the stack memory becomes exhausted. This vulnerability highlights the importance of secure handling of communication protocols in network devices to prevent potential service disruption and maintain operational integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

DP300, Secospace USG6300,Secospace USG6500,Secospace USG6600,TP3206, VP9660 DP300 V500R002C00,Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50,Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50,Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50,TP3206 V100R002C00,VP9660 V500R002C00, V500R002C10

References

http://www.huawei.com/en/psirt/security-advisories/2017/h...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.