Out-of-Bounds Read Vulnerability in Huawei DP300 and Related Products
CVE-2017-17199

5.9MEDIUM

Key Information:

Vendor: McAfee
Status: Dp300; Rp200; Te30; Te40; Te50; Te60
Vendor: CVE Published:; 9 March 2018

Summary

The out-of-bounds read vulnerability arises from improper handling of malformed H323 messages in selected Huawei devices. This flaw allows an attacker, who has control of a server, to send crafted H323 reply messages to the targeted device. If successfully exploited, this vulnerability could lead the device to read outside of expected memory boundaries, potentially resulting in service unavailability or unexpected behavior.

Affected Version(s)

DP300; RP200; TE30; TE40; TE50; TE60 DP300 V500R002C00

DP300; RP200; TE30; TE40; TE50; TE60 RP200 V500R002C00

DP300; RP200; TE30; TE40; TE50; TE60 V600R006C00

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 9, 2018
Vulnerability Reserved
Dec 4, 2017