Buffer Error in Huawei ENUM Module Across Multiple Products
CVE-2017-17310

7.5HIGH

Key Information:

Vendor: McAfee
Status: Dp300, Rp200, Te30, Te40, Te50, Te60
Vendor: CVE Published:; 18 April 2018

Summary

The ENUM module in various Huawei products has a buffer error vulnerability that can be exploited by an unauthenticated remote attacker. Successful exploitation requires the attacker to control the peer device and send specifically crafted ENUM packets. Due to inadequate verification of certain values in these packets, this can lead to abnormal service behavior and disruptions.

Affected Version(s)

DP300, RP200, TE30, TE40, TE50, TE60 DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2018
Vulnerability Reserved
Dec 4, 2017