CVE-2017-17330
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/03/2018
Last modified:
03/10/2019
Description
Huawei AR3200 V200R005C32; V200R006C10; V200R006C11; V200R007C00; V200R007C01; V200R007C02; V200R008C00; V200R008C10; V200R008C20; V200R008C30; NGFW Module V500R001C00; V500R001C20; V500R002C00 have a memory leak vulnerability. The software does not release allocated memory properly when parse XML element data. An authenticated attacker could upload a crafted XML file, successful exploit could cause the system service abnormal since run out of memory.
Impact
Base Score 3.x
3.30
Severity 3.x
LOW
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:huawei:ar3200_firmware:v200r005c32:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ar3200_firmware:v200r006c10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ar3200_firmware:v200r006c11:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ar3200_firmware:v200r007c00:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ar3200_firmware:v200r007c01:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ar3200_firmware:v200r007c02:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ar3200_firmware:v200r008c00:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ar3200_firmware:v200r008c10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ar3200_firmware:v200r008c20:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ar3200_firmware:v200r008c30:*:*:*:*:*:*:* | ||
| cpe:2.3:h:huawei:ar3200:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c00:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c20:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c00:*:*:*:*:*:*:* | ||
| cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page