← Back

CVE-2017-15315

nvd nist
Published: Mar 9, 2018Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

Patch module of Huawei NIP6300 V500R001C20SPC100, V500R001C20SPC200, NIP6600 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6300 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6500 V500R001C20SPC100, V500R001C20SPC200 has a memory leak vulnerability. An authenticated attacker could execute special commands many times, the memory leaking happened, which would cause the device to reset finally.

Affected (8)

Huawei
4 products
Nip6300 Firmware
Nip6600 Firmware
Secospace Usg6300 Firmware
Secospace Usg6500 Firmware
Configuration A
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Huawei
Nip6300 Firmware
Version v500r001c20spc100
Nip6300 Firmware
Version v500r001c20spc200
Running on/withPlatform Versions
Huawei
Nip6300
All versions
Configuration B
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Huawei
Nip6600 Firmware
Version v500r001c20spc100
Nip6600 Firmware
Version v500r001c20spc200
Running on/withPlatform Versions
Huawei
Nip6600
All versions
Configuration C
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Huawei
Secospace Usg6300 Firmware
Version v500r001c20spc100
Secospace Usg6300 Firmware
Version v500r001c20spc200
Running on/withPlatform Versions
Huawei
Secospace Usg6300
All versions
Configuration D
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Huawei
Secospace Usg6500 Firmware
Version v500r001c20spc100
Secospace Usg6500 Firmware
Version v500r001c20spc200
Running on/withPlatform Versions
Huawei
Secospace Usg6500
All versions

Related CWEs

CWE-772
Missing Release of Resource after Effective Lifetime
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

References (2)

Source: psirt@huawei.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.