CVE-2017-17200

Published: Mar 9, 2018Modified: Nov 21, 2024

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability due to the improper processing of malformed H323 messages. A remote attacker that controls a server could exploit this vulnerability by sending malformed H323 reply messages to a target device. Successful exploit could make the device read out of bounds and probably make a service unavailable.

Affected (13)

Products: Huawei: Dp300 Firmware, Rp200 Firmware, Te30 Firmware, Te40 Firmware, Te50 Firmware, Te60 Firmware

6 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Dp300 Firmware	Version v500r002c00

Running on/with	Platform Versions
Huawei Dp300	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Rp200 Firmware	Version v500r002c00
Huawei Rp200 Firmware	Version v600r006c00

Running on/with	Platform Versions
Huawei Rp200	All versions

Configuration C

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Te30 Firmware	Version v100r001c10
Huawei Te30 Firmware	Version v500r002c00
Huawei Te30 Firmware	Version v600r006c00

Running on/with	Platform Versions
Huawei Te30	All versions

Configuration D

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Te40 Firmware	Version v500r002c00
Huawei Te40 Firmware	Version v600r006c00

Running on/with	Platform Versions
Huawei Te40	All versions

Configuration E

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Te50 Firmware	Version v500r002c00
Huawei Te50 Firmware	Version v600r006c00

Running on/with	Platform Versions
Huawei Te50	All versions

Configuration F

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Te60 Firmware	Version v100r001c10
Huawei Te60 Firmware	Version v500r002c00
Huawei Te60 Firmware	Version v600r006c00

Running on/with	Platform Versions
Huawei Te60	All versions

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (2)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-03-h323-en

Source: psirt@huawei.com

Vendor Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-03-h323-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.