Out-of-Bounds Write Vulnerability in Huawei Networking Devices
CVE-2017-17250

6.5MEDIUM

Key Information:

Vendor: McAfee
Status: Ar120-s; Ar1200; Ar1200-s; Ar150; Ar150-s; Ar160; Ar200; Ar200-s; Ar2200-s; Ar3200; Ar510; Netengine16ex; Srg1300; Srg2300; Srg3300
Vendor: CVE Published:; 9 March 2018

Summary

Huawei networking devices are susceptible to an out-of-bounds write vulnerability. This occurs when an abnormal OSPF message is received and a query command is executed, leading to insufficient verification of the input data. As a result, the software writes data beyond the allocated buffer, which can be exploited by an unauthenticated, remote attacker. This exploit may cause the affected devices to crash, affecting network stability and performance.

Affected Version(s)

AR120-S; AR1200; AR1200-S; AR150; AR150-S; AR160; AR200; AR200-S; AR2200-S; AR3200; AR510; NetEngine16EX; SRG1300; SRG2300; SRG3300 AR120-S V200R005C32

AR120-S; AR1200; AR1200-S; AR150; AR150-S; AR160; AR200; AR200-S; AR2200-S; AR3200; AR510; NetEngine16EX; SRG1300; SRG2300; SRG3300 AR1200 V200R005C32

AR120-S; AR1200; AR1200-S; AR150; AR150-S; AR160; AR200; AR200-S; AR2200-S; AR3200; AR510; NetEngine16EX; SRG1300; SRG2300; SRG3300 AR1200-S V200R005C32

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 9, 2018
Vulnerability Reserved
Dec 4, 2017