Invalid Memory Access Vulnerability in Huawei DP300 and RP200 Products
CVE-2017-17219

5.3MEDIUM

Key Information:

Vendor: McAfee
Status: Dp300; Rp200; Te30; Te40; Te50; Te60
Vendor: CVE Published:; 9 March 2018

Summary

The SCCPX module within various Huawei products, including the DP300 and RP200 series, has been identified with a vulnerability related to invalid memory access. This allows an unauthenticated remote attacker to send specifically crafted malformed packets that exploit insufficient validation mechanisms in the affected systems. If successfully executed, this exploitation can disrupt the service availability, affecting the overall functionality of the products.

Affected Version(s)

DP300; RP200; TE30; TE40; TE50; TE60 DP300 V500R002C00

DP300; RP200; TE30; TE40; TE50; TE60 RP200 V500R002C00

DP300; RP200; TE30; TE40; TE50; TE60 V600R006C00

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 9, 2018
Vulnerability Reserved
Dec 4, 2017