First published: Thu Feb 15 2018(Updated: )
Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V500R001C00, Secospace USG6600 V500R001C00, USG9500 V500R001C00 have an insufficient input validation vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei Ips Module Firmware | =v500r001c00 | |
Huawei IPS Module | ||
Huawei Ngfw Module Firmware | =v500r001c00 | |
Huawei NGFW Module | ||
Huawei Nip6300 Firmware | =v500r001c00 | |
Huawei NIP6300 | ||
Huawei Nip6600 Firmware | =v500r001c00 | |
Huawei Nip6600 | ||
Huawei Secospace Usg6300 Firmware | =v500r001c00 | |
Huawei Secospace USG6300 | ||
Huawei Secospace Usg6600 Firmware | =v500r001c00 | |
Huawei Secospace USG6600 | ||
Huawei Usg9500 Firmware | =v500r001c00 | |
Huawei USG9500 | ||
Huawei Secospace Usg6500 Firmware | =v500r001c00 | |
Huawei Secospace Usg6500 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-15348 is a vulnerability affecting Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V500R001C00, Secospace USG6600 V500R001C00, USG9500 V500R001C00.
CVE-2017-15348 has a severity level of 7.5, which is considered high.
CVE-2017-15348 affects Huawei IPS Module V500R001C00 by allowing an unauthenticated, remote attacker to exploit an insufficient input validation vulnerability.
Yes, Huawei IPS Module V500R001C00 is vulnerable to CVE-2017-15348.
More information about CVE-2017-15348 can be found on the Huawei Security Advisories website at http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-routers-en.