CVE-2017-17199
Severity CVSS v4.0:
Pending analysis
Type:
CWE-125
Out-of-bounds Read
Publication date:
09/03/2018
Last modified:
29/03/2018
Description
Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability due to the improper processing of malformed H323 messages. A remote attacker that controls a server could exploit this vulnerability by sending malformed H323 reply messages to a target device. Successful exploit could make the device read out of bounds and probably make a service unavailable.
Impact
Base Score 3.x
5.90
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:* | ||
cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:huawei:rp200_firmware:v500r002c00:*:*:*:*:*:*:* | ||
cpe:2.3:o:huawei:rp200_firmware:v600r006c00:*:*:*:*:*:*:* | ||
cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:* | ||
cpe:2.3:o:huawei:te30_firmware:v500r002c00:*:*:*:*:*:*:* | ||
cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:* | ||
cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:huawei:te40_firmware:v500r002c00:*:*:*:*:*:*:* | ||
cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:* | ||
cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:huawei:te50_firmware:v500r002c00:*:*:*:*:*:*:* | ||
cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:* | ||
cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page