Resource Exhaustion Vulnerability in Huawei Networking Products
CVE-2017-17166

5.3MEDIUM

Key Information:

Vendor: McAfee
Status: Dp300, Secospace Usg6300,secospace Usg6500,secospace Usg6600,tp3206, Vp9660
Vendor: CVE Published:; 15 February 2018

What is CVE-2017-17166?

Huawei networking devices such as the DP300 and various models of the Secospace USG series exhibit a resource exhaustion vulnerability due to improper handling of certain fields in H.323 messages. Attackers can exploit this flaw by sending specially crafted H.323 messages, which could lead to service unavailability as the stack memory becomes exhausted. This vulnerability highlights the importance of secure handling of communication protocols in network devices to prevent potential service disruption and maintain operational integrity.

Affected Version(s)

DP300, Secospace USG6300,Secospace USG6500,Secospace USG6600,TP3206, VP9660 DP300 V500R002C00,Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50,Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50,Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50,TP3206 V100R002C00,VP9660 V500R002C00, V500R002C10

References

http://www.huawei.com/en/psirt/security-advisories/2017/h...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 15, 2018
Vulnerability Reserved
Dec 4, 2017

McAfee

What is CVE-2017-17166?

Affected Version(s)

References

CVSS V3.1

Timeline