Out-of-Bounds Write Vulnerability in Huawei Networking Devices
CVE-2017-17250

6.5MEDIUM

Key Information:

Vendor

McAfee
Status
Ar120-s; Ar1200; Ar1200-s; Ar150; Ar150-s; Ar160; Ar200; Ar200-s; Ar2200-s; Ar3200; Ar510; Netengine16ex; Srg1300; Srg2300; Srg3300
Vendor
CVE Published:
9 March 2018

What is CVE-2017-17250?

Huawei networking devices are susceptible to an out-of-bounds write vulnerability. This occurs when an abnormal OSPF message is received and a query command is executed, leading to insufficient verification of the input data. As a result, the software writes data beyond the allocated buffer, which can be exploited by an unauthenticated, remote attacker. This exploit may cause the affected devices to crash, affecting network stability and performance.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

AR120-S; AR1200; AR1200-S; AR150; AR150-S; AR160; AR200; AR200-S; AR2200-S; AR3200; AR510; NetEngine16EX; SRG1300; SRG2300; SRG3300 AR120-S V200R005C32

AR120-S; AR1200; AR1200-S; AR150; AR150-S; AR160; AR200; AR200-S; AR2200-S; AR3200; AR510; NetEngine16EX; SRG1300; SRG2300; SRG3300 AR1200 V200R005C32

AR120-S; AR1200; AR1200-S; AR150; AR150-S; AR160; AR200; AR200-S; AR2200-S; AR3200; AR510; NetEngine16EX; SRG1300; SRG2300; SRG3300 AR1200-S V200R005C32

References

http://www.huawei.com/en/psirt/security-advisories/huawei...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.