Out-of-Bounds Read Vulnerability in MAX PRESENCE and TP Series by Huawei
CVE-2017-8199

6.5MEDIUM

Key Information:

Vendor: McAfee
Status: Max Presence,tp3106,tp3206,
Vendor: CVE Published:; 22 November 2017

Summary

Huawei's MAX PRESENCE V100R001C00 and TP3106, TP3206 V100R002C00 encounter an out-of-bounds read vulnerability in the H323 protocol. This flaw allows an authenticated attacker to send specially crafted packets to the affected products without proper validation. Exploiting this vulnerability may lead to service disruption by causing the affected processes to reboot, increasing susceptibility to further attacks.

Affected Version(s)

MAX PRESENCE,TP3106,TP3206, V100R001C00,V100R002C00,V100R002C00,

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101951

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2017
Vulnerability Reserved
Apr 25, 2017