CVE-2017-15348: Input Validation
First published: Thu Feb 15 2018(Updated: )
Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V500R001C00, Secospace USG6600 V500R001C00, USG9500 V500R001C00 have an insufficient input validation vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei Ips Module Firmware | =v500r001c00 | |
| Huawei IPS Module | ||
| Huawei Ngfw Module Firmware | =v500r001c00 | |
| Huawei NGFW Module | ||
| Huawei Nip6300 Firmware | =v500r001c00 | |
| Huawei NIP6300 | ||
| Huawei Nip6600 Firmware | =v500r001c00 | |
| Huawei Nip6600 | ||
| Huawei Secospace Usg6300 Firmware | =v500r001c00 | |
| Huawei Secospace USG6300 | ||
| Huawei Secospace Usg6600 Firmware | =v500r001c00 | |
| Huawei Secospace USG6600 | ||
| Huawei Usg9500 Firmware | =v500r001c00 | |
| Huawei USG9500 | ||
| Huawei Secospace Usg6500 Firmware | =v500r001c00 | |
| Huawei Secospace Usg6500 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2017-15348?
CVE-2017-15348 is a vulnerability affecting Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V500R001C00, Secospace USG6600 V500R001C00, USG9500 V500R001C00.
What is the severity of CVE-2017-15348?
CVE-2017-15348 has a severity level of 7.5, which is considered high.
How does CVE-2017-15348 affect Huawei IPS Module?
CVE-2017-15348 affects Huawei IPS Module V500R001C00 by allowing an unauthenticated, remote attacker to exploit an insufficient input validation vulnerability.
Is Huawei IPS Module V500R001C00 vulnerable to CVE-2017-15348?
Yes, Huawei IPS Module V500R001C00 is vulnerable to CVE-2017-15348.
Where can I find more information about CVE-2017-15348?
More information about CVE-2017-15348 can be found on the Huawei Security Advisories website at http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-routers-en.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- vendor/huawei
- canonical/huawei ips module firmware
- version/huawei ips module firmware/v500r001c00
- canonical/huawei ips module
- canonical/huawei ngfw module firmware
- version/huawei ngfw module firmware/v500r001c00
- canonical/huawei ngfw module
- canonical/huawei nip6300 firmware
- version/huawei nip6300 firmware/v500r001c00
- canonical/huawei nip6300
- canonical/huawei nip6600 firmware
- version/huawei nip6600 firmware/v500r001c00
- canonical/huawei nip6600
- canonical/huawei secospace usg6300 firmware
- version/huawei secospace usg6300 firmware/v500r001c00
- canonical/huawei secospace usg6300
- canonical/huawei secospace usg6600 firmware
- version/huawei secospace usg6600 firmware/v500r001c00
- canonical/huawei secospace usg6600
- canonical/huawei usg9500 firmware
- version/huawei usg9500 firmware/v500r001c00
- canonical/huawei usg9500
- canonical/huawei secospace usg6500 firmware
- version/huawei secospace usg6500 firmware/v500r001c00
- canonical/huawei secospace usg6500