Out-of-Bounds Read Vulnerability in Huawei Networking Devices
CVE-2017-17316

5.3MEDIUM

Key Information:

Vendor

McAfee
Status
Dp300; Rp200; Te30; Te40; Te50; Te60
Vendor
CVE Published:
2 July 2018

What is CVE-2017-17316?

Huawei networking devices, including models like DP300 and TE series, have been identified to possess an out-of-bounds read vulnerability. This flaw arises from inadequate input validation in the Signalling Connection Control Part (SCCP) messages. An unauthenticated remote attacker can exploit this vulnerability by controlling a peer device and crafting malicious SCCP messages, potentially leading to abnormal service disruptions. It is crucial for users to assess their exposure and apply necessary patches to mitigate risks.

Affected Version(s)

DP300; RP200; TE30; TE40; TE50; TE60 DP300 V500R002C00

DP300; RP200; TE30; TE40; TE50; TE60 RP200 V500R002C00

DP300; RP200; TE30; TE40; TE50; TE60 V600R006C00

References

https://www.huawei.com/en/psirt/security-advisories/huawe...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-17316 : Out-of-Bounds Read Vulnerability in Huawei Networking Devices