medium
4.3
CWE
119
Advisory Published
Updated

CVE-2017-15337: Buffer Overflow

First published: Thu Feb 15 2018(Updated: )

The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability. An attacker would have to find a way to craft specific messages to the affected products. Due to the insufficient validation for SIP messages, successful exploit may cause services abnormal.

Credit: psirt@huawei.com

Affected SoftwareAffected VersionHow to fix
Huawei DP300 firmware=v500r002c00
Huawei DP300 firmware
Huawei IPS firmware=v100r001c10
Huawei IPS firmware=v100r001c20
Huawei IPS firmware=v100r001c30
Huawei IPS firmware=v500r001c00
Huawei IPS firmware=v500r001c20
Huawei IPS firmware=v500r001c30
Huawei IPS firmware=v500r001c50
Huawei IPS Module firmware
Huawei NGFW Module firmware=v100r001c10
Huawei NGFW Module firmware=v100r001c20
Huawei NGFW Module firmware=v100r001c30
Huawei NGFW Module firmware=v500r001c00
Huawei NGFW Module firmware=v500r001c20
Huawei NGFW Module firmware=v500r002c00
Huawei NGFW Module firmware=v500r002c10
Huawei NGFW Module
Huawei NIP6300 firmware=v500r001c00
Huawei NIP6300 firmware=v500r001c20
Huawei NIP6300 firmware=v500r001c30
Huawei NIP6300 firmware=v500r001c50
Huawei NIP6300 firmware
Huawei NIP6600=v500r001c00
Huawei NIP6600=v500r001c20
Huawei NIP6600=v500r001c30
Huawei NIP6600=v500r001c50
Huawei NIP6600 firmware
Huawei NIP6800 Firmware=v500r001c50
Huawei NIP6800 Firmware
Huawei RP200=v500r002c00
Huawei RP200=v600r006c0
Huawei RP200 firmware
Huawei SVN5600 firmware=v200r003c00
Huawei SVN5600 firmware=v200r003c10
Huawei SVN5600
Huawei SVN5800 firmware=v200r003c00
Huawei SVN5800 firmware=v200r003c10
Huawei SVN5800
Huawei SVN5800-C firmware=v200r003c00
Huawei SVN5800-C firmware=v200r003c10
Huawei SVN5800-C
Huawei SeMG9811=v300r001c01
Huawei SeMG9811 firmware
Huawei USG6300E firmware=v100r001c10
Huawei USG6300E firmware=v100r001c20
Huawei USG6300E firmware=v100r001c30
Huawei USG6300E firmware=v500r001c00
Huawei USG6300E firmware=v500r001c20
Huawei USG6300E firmware=v500r001c30
Huawei USG6300E firmware=v500r001c50
Huawei Secospace USG6300 firmware
Huawei Secospace USG6500=v100r001c10
Huawei Secospace USG6500=v100r001c20
Huawei Secospace USG6500=v100r001c30
Huawei Secospace USG6500=v500r001c00
Huawei Secospace USG6500=v500r001c20
Huawei Secospace USG6500=v500r001c30
Huawei Secospace USG6500=v500r001c50
Huawei Secospace USG6500 firmware
Huawei Secospace USG6600 firmware=v100r001c00
Huawei Secospace USG6600 firmware=v100r001c20
Huawei Secospace USG6600 firmware=v100r001c30
Huawei Secospace USG6600 firmware=v500r001c00
Huawei Secospace USG6600 firmware=v500r001c20
Huawei Secospace USG6600 firmware=v500r001c30
Huawei Secospace USG6600 firmware=v500r001c50
Huawei Secospace USG6600 firmware
Huawei TE30 Firmware=v100r001c02
Huawei TE30 Firmware=v100r001c10
Huawei TE30 Firmware=v500r002c00
Huawei TE30 Firmware=v600r006c00
Huawei TE30 Firmware
Huawei TE40=v500r002c00
Huawei TE40=v600r006c00
Huawei TE40
Huawei TE50=v500r002c00
Huawei TE50=v600r006c00
Huawei TE50 firmware
Huawei TE60 Firmware=v100r001c01
Huawei TE60 Firmware=v100r001c10
Huawei TE60 Firmware=v500r002c00
Huawei TE60 Firmware=v600r006c00
Huawei TE60 Firmware
Huawei USG9500 firmware=v500r001c00
Huawei USG9500 firmware=v500r001c20
Huawei USG9500 firmware=v500r001c30
Huawei Eudemon USG9500
Huawei USG9520 firmware=v300r001c01
Huawei USG9520 firmware=v300r001c20
Huawei USG9520
Huawei USG9560 firmware=v300r001c01
Huawei USG9560 firmware=v300r001c20
Huawei USG9560
Huawei USG9580 firmware=v300r001c01
Huawei USG9580 firmware=v300r001c20
Huawei USG9580
Huawei VP9660 firmware=v200r001c02
Huawei VP9660 firmware=v200r001c30
Huawei VP9660 firmware=v500r002c00
Huawei VP9660 firmware=v500r002c10
Huawei VP 9660 firmware
Huawei ViewPoint 8660 firmware=v100r008c03
Huawei ViewPoint 8660
Huawei ViewPoint 9030=v100r011c02
Huawei ViewPoint 9030=v100r011c03
Huawei ViewPoint 9030 firmware
Huawei eSpace U1981=v100r001c20
Huawei eSpace U1981=v200r003c00
Huawei eSpace U1981=v200r003c20
Huawei eSpace U1981=v200r003c30
Huawei eSpace unified gateway U1981

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2017-15337?

    CVE-2017-15337 has a medium severity rating, which indicates potential impact but typically requires some form of user interaction or further vulnerability exploitation.

  • How do I fix CVE-2017-15337?

    To mitigate CVE-2017-15337, upgrade to the latest firmware version provided by Huawei for affected products.

  • Which Huawei products are affected by CVE-2017-15337?

    CVE-2017-15337 affects multiple Huawei products including the DP300, IPS Module, and several other firmware versions.

  • Is CVE-2017-15337 actively exploited in the wild?

    As of now, there is no reported active exploitation of CVE-2017-15337 in the wild.

  • What type of vulnerability is CVE-2017-15337?

    CVE-2017-15337 is a vulnerability in the SIP module that could allow remote attackers to exploit certain conditions, impacting the confidentiality and integrity of the system.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203