Memory Leak Vulnerability in Huawei AR3200 and NGFW Modules
CVE-2017-17330

3.3LOW

Key Information:

Vendor: McAfee
Status: Ar3200; Ngfw Module
Vendor: CVE Published:; 9 March 2018

Summary

Huawei AR3200 and NGFW Modules contain a memory leak issue due to improper memory allocation when parsing XML element data. An authenticated attacker could exploit this vulnerability by uploading a specially crafted XML file, potentially leading to abnormal system service behavior due to exhaustion of available memory.

Affected Version(s)

AR3200; NGFW Module AR3200 V200R005C32

AR3200; NGFW Module V200R006C10

AR3200; NGFW Module V200R006C11

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 9, 2018
Vulnerability Reserved
Dec 4, 2017