Invalid Memory Access Vulnerability in Huawei DP300 and Related Products
CVE-2017-17220

5.3MEDIUM

Key Information:

Vendor: McAfee
Status: Dp300; Rp200; Te30; Te40; Te50; Te60
Vendor: CVE Published:; 9 March 2018

What is CVE-2017-17220?

The SCCPX module in select Huawei products is susceptible to an invalid memory access vulnerability. An unauthenticated attacker can exploit this issue by sending specially crafted packets to the affected devices. Insufficient packet validation may lead to service disruptions, impacting the availability of critical services provided by the products.

Affected Version(s)

DP300; RP200; TE30; TE40; TE50; TE60 DP300 V500R002C00

DP300; RP200; TE30; TE40; TE50; TE60 RP200 V500R002C00

DP300; RP200; TE30; TE40; TE50; TE60 V600R006C00

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 9, 2018
Vulnerability Reserved
Dec 4, 2017

McAfee

What is CVE-2017-17220?

Affected Version(s)

References

CVSS V3.1

Timeline