Buffer Overflow Vulnerability in Huawei USG6300, USG6500, and USG6600 Products
CVE-2017-17317

3.7LOW

Key Information:

Vendor: McAfee
Status: Dp300; Ips Module; Ngfw Module; Rp200; Secospace Usg6300; Secospace Usg6500; Secospace Usg6600; Te30; Te40; Te50; Te60
Vendor: CVE Published:; 2 July 2018

Summary

The Common Open Policy Service Protocol (COPS) module in several Huawei networking products contains a buffer overflow vulnerability. An unprivileged, remote attacker can exploit this weakness by sending specially crafted messages to the affected devices if they control a peer device. The flaw arises from inadequate input validation, leading to potential disruptions of services and abnormal behavior in the affected products.

Affected Version(s)

DP300; IPS Module; NGFW Module; RP200; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60 USG6300 V100R001C10

DP300; IPS Module; NGFW Module; RP200; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60 V100R001C20

DP300; IPS Module; NGFW Module; RP200; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60 V100R001C30

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 2, 2018
Vulnerability Reserved
Dec 4, 2017