Resource Exhaustion Vulnerability in Huawei Networking Products
CVE-2017-17166

5.3MEDIUM

What is CVE-2017-17166?

Huawei networking devices such as the DP300 and various models of the Secospace USG series exhibit a resource exhaustion vulnerability due to improper handling of certain fields in H.323 messages. Attackers can exploit this flaw by sending specially crafted H.323 messages, which could lead to service unavailability as the stack memory becomes exhausted. This vulnerability highlights the importance of secure handling of communication protocols in network devices to prevent potential service disruption and maintain operational integrity.

Affected Version(s)

DP300, Secospace USG6300,Secospace USG6500,Secospace USG6600,TP3206, VP9660 DP300 V500R002C00,Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50,Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50,Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50,TP3206 V100R002C00,VP9660 V500R002C00, V500R002C10

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.