CVE-2017-17165

Published: Feb 15, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

IPv6 function in Huawei Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00 has an out-of-bounds read vulnerability. An unauthenticated attacker may send crafted malformed IPv6 packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause device to reset.

Affected (54)

Products: Huawei: Quidway S2700 Firmware, Quidway S5300 Firmware, Quidway S5700 Firmware, S2300 Firmware, S2700 Firmware, S5300 Firmware, S5700 Firmware, S600 E Firmware, S6300 Firmware, S6700 Firmware

Huawei

10 products

Quidway S2700 Firmware

Quidway S5300 Firmware

Quidway S5700 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Quidway S2700 Firmware	Version v200r003c00spc300

Running on/with	Platform Versions
Huawei Quidway S2700	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Quidway S5300 Firmware	Version v200r003c00spc300

Running on/with	Platform Versions
Huawei Quidway S5300	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Quidway S5700 Firmware	Version v200r003c00spc300

Running on/with	Platform Versions
Huawei Quidway S5700	All versions

Configuration D

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei S2300 Firmware	Version v200r003c00
Huawei S2300 Firmware	Version v200r003c00spc300t
Huawei S2300 Firmware	Version v200r005c00
Huawei S2300 Firmware	Version v200r006c00
Huawei S2300 Firmware	Version v200r007c00
Huawei S2300 Firmware	Version v200r008c00
Huawei S2300 Firmware	Version v200r009c00

Running on/with	Platform Versions
Huawei S2300	All versions

Configuration E

5 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei S2700 Firmware	Version v200r005c00
Huawei S2700 Firmware	Version v200r006c00
Huawei S2700 Firmware	Version v200r007c00
Huawei S2700 Firmware	Version v200r008c00
Huawei S2700 Firmware	Version v200r009c00

Running on/with	Platform Versions
Huawei S2700	All versions

Configuration F

13 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei S5300 Firmware	Version v200r003c00
Huawei S5300 Firmware	Version v200r003c00spc300t
Huawei S5300 Firmware	Version v200r003c00spc600
Huawei S5300 Firmware	Version v200r003c02
Huawei S5300 Firmware	Version v200r005c00
Huawei S5300 Firmware	Version v200r005c01
Huawei S5300 Firmware	Version v200r005c02
Huawei S5300 Firmware	Version v200r005c03
Huawei S5300 Firmware	Version v200r005c05
Huawei S5300 Firmware	Version v200r006c00
Huawei S5300 Firmware	Version v200r007c00
Huawei S5300 Firmware	Version v200r008c00
Huawei S5300 Firmware	Version v200r009c00

Running on/with	Platform Versions
Huawei S5300	All versions

Configuration G

12 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei S5700 Firmware	Version v200r003c00
Huawei S5700 Firmware	Version v200r003c00spc316t
Huawei S5700 Firmware	Version v200r003c00spc600
Huawei S5700 Firmware	Version v200r003c02
Huawei S5700 Firmware	Version v200r005c00
Huawei S5700 Firmware	Version v200r005c01
Huawei S5700 Firmware	Version v200r005c02
Huawei S5700 Firmware	Version v200r005c03
Huawei S5700 Firmware	Version v200r006c00
Huawei S5700 Firmware	Version v200r007c00
Huawei S5700 Firmware	Version v200r008c00
Huawei S5700 Firmware	Version v200r009c00

Running on/with	Platform Versions
Huawei S5700	All versions

Configuration H

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei S600 E Firmware	Version v200r008c00
Huawei S600 E Firmware	Version v200r009c00

Running on/with	Platform Versions
Huawei S600 E	All versions

Configuration I

5 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei S6300 Firmware	Version v200r003c00
Huawei S6300 Firmware	Version v200r005c00
Huawei S6300 Firmware	Version v200r007c00
Huawei S6300 Firmware	Version v200r008c00
Huawei S6300 Firmware	Version v200r009c00

Running on/with	Platform Versions
Huawei S6300	All versions

Configuration J

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei S6700 Firmware	Version v200r003c00
Huawei S6700 Firmware	Version v200r005c00
Huawei S6700 Firmware	Version v200r005c01
Huawei S6700 Firmware	Version v200r005c02
Huawei S6700 Firmware	Version v200r007c00
Huawei S6700 Firmware	Version v200r008c00
Huawei S6700 Firmware	Version v200r009c00

Running on/with	Platform Versions
Huawei S6700	All versions

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (2)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-ipv6-en

Source: psirt@huawei.com

Vendor Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-ipv6-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.