OSPF Implementation Flaw in Huawei Networking Products
CVE-2017-8147
Key Information:
Summary
An improper implementation of the Open Shortest Path First (OSPF) routing protocol in various Huawei networking products allows attackers to manipulate the Link Status Age. By sending specially crafted LSA packets to the affected devices, an attacker can set the LS age to MaxAge (3600 seconds), which can lead to a poisoned route table and enable Denial of Service (DoS) attacks. This vulnerability highlights the critical need for secure implementations in networking protocols.
Affected Version(s)
AC6005,AC6605,AR1200,AR200,AR3200,CloudEngine 12800,CloudEngine 5800,CloudEngine 6800,CloudEngine 7800,CloudEngine 8800,E600,S12700,S1700,S2300,S2700,S5300,S5700,S6300,S6700,S7700,S9300,S9700,Secospace USG6600, AC6005 V200R006C10SPC200,AC6605 V200R006C10SPC200,AR1200 with software V200R005C10CP0582T, V200R005C10HP0581T, V200R005C20SPC026T,AR200 with software V200R005C20SPC026T,AR3200 V200R005C20SPC026T,CloudEngine 12800 with software V100R003C00, V100R005C00, V100R005C10, V100R006C00, V200R001C00,CloudEngine 5800 with software V100R003C00, V100R005C00, V100R005C10, V100R006C00, V200R001C00,CloudEngine 6800 with software V100R003C00, V100R005C00, V100R005C10, V100R006C00, V200R001C00,CloudEngine 7800 with software V100R003C00, V100R005C00, V100R005C10, V100R006C00, V200R001C00,CloudEngine 8800 with software V100R006C00, V200R001C00,E600 V200R008C00,S12700 with software V200R005C00, V200R006C00, V200R007C00, V200R008C00,S1700 with software V100R006C00, V100R007C00, V200R006C00,S2300 with software V100R005C00, V100R006C00, V100R006C03, V100R006C05, V200R003C00, V200R003C02, V200R003C10, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00,S2700 with software V100R005 ...[truncated*]
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved