CVE-2017-17202
Severity CVSS v4.0:
Pending analysis
Type:
CWE-125
Out-of-bounds Read
Publication date:
15/02/2018
Last modified:
07/03/2018
Description
Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R005C32, V200R007C00, V200R008C20, V200R008C30, AR160 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, NetEngine16EX V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, SRG1300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an out-of-bounds read vulnerability due to insufficient input validation. An unauthenticated, remote attacker could exploit this vulnerability by sending malformed Session Initiation Protocol(SIP) packets to the target device. Successful exploit could make the device read out of bounds and thus cause a service to be unavailable.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:huawei:ar120-s_firmware:v200r005c32:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ar120-s_firmware:v200r006c10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ar120-s_firmware:v200r007c00:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ar120-s_firmware:v200r008c20:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ar120-s_firmware:v200r008c30:*:*:*:*:*:*:* | ||
| cpe:2.3:h:huawei:ar120-s:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ar1200_firmware:v200r005c32:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ar1200_firmware:v200r006c10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ar1200_firmware:v200r007c00:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ar1200_firmware:v200r007c01:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ar1200_firmware:v200r007c02:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ar1200_firmware:v200r008c20:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ar1200_firmware:v200r008c30:*:*:*:*:*:*:* | ||
| cpe:2.3:h:huawei:ar1200:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ar1200-s_firmware:v200r005c32:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page