CVE-2017-15348

Published: Feb 15, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V500R001C00, Secospace USG6600 V500R001C00, USG9500 V500R001C00 have an insufficient input validation vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset.

Affected (8)

Products: Huawei: Ips Module Firmware, Ngfw Module Firmware, Nip6300 Firmware, Nip6600 Firmware, Secospace Usg6300 Firmware, Secospace Usg6600 Firmware, Usg9500 Firmware, Secospace Usg6500 Firmware

8 products

Secospace Usg6300 Firmware

Secospace Usg6600 Firmware

Usg9500 Firmware

Secospace Usg6500 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Ips Module Firmware	Version v500r001c00

Running on/with	Platform Versions
Huawei Ips Module	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Ngfw Module Firmware	Version v500r001c00

Running on/with	Platform Versions
Huawei Ngfw Module	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Nip6300 Firmware	Version v500r001c00

Running on/with	Platform Versions
Huawei Nip6300	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Nip6600 Firmware	Version v500r001c00

Running on/with	Platform Versions
Huawei Nip6600	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Secospace Usg6300 Firmware	Version v500r001c00

Running on/with	Platform Versions
Huawei Secospace Usg6300	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Secospace Usg6600 Firmware	Version v500r001c00

Running on/with	Platform Versions
Huawei Secospace Usg6600	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Usg9500 Firmware	Version v500r001c00

Running on/with	Platform Versions
Huawei Usg9500	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Secospace Usg6500 Firmware	Version v500r001c00

Running on/with	Platform Versions
Huawei Secospace Usg6500	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-routers-en

Source: psirt@huawei.com

Vendor Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-routers-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.