CVE-2017-17160: Buffer Overflow
First published: Thu Feb 15 2018(Updated: )
Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S V200R006C10, V200R007C00, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C02, AR200 V200R006C10, V200R007C00, AR200-S V200R006C10, V200R007C00, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C02, AR2200-S V200R006C10, V200R007C00, V200R008C20, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C02, AR3600 V200R006C10, V200R007C00, AR510 V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, NetEngine16EX V200R006C10, V200R007C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, SRG2300 V200R006C10, V200R007C00, V200R007C02, SRG3300 V200R006C10, V200R007C00 have a buffer overflow vulnerability due to incomplete range checks of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious IKE packets to the targeted device. An exploit could allow the attacker to cause the device to write out of bound and restart.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei AR120-S | =v200r006c10 | |
| Huawei AR120-S | =v200r007c00 | |
| Huawei AR120 firmware | ||
| Huawei ar1200 firmware | =v200r006c10 | |
| Huawei ar1200 firmware | =v200r006c13 | |
| Huawei ar1200 firmware | =v200r007c00 | |
| Huawei ar1200 firmware | =v200r007c02 | |
| Huawei AR1200 | ||
| Huawei ar1200-s firmware | =v200r006c10 | |
| Huawei ar1200-s firmware | =v200r007c00 | |
| Huawei ar1200-s firmware | =v200r008c20 | |
| Huawei ar1200-s | ||
| Huawei ar150 firmware | =v200r006c10 | |
| Huawei ar150 firmware | =v200r007c00 | |
| Huawei ar150 firmware | =v200r007c02 | |
| Huawei AR 150 | ||
| Huawei ar150-s firmware | =v200r006c10 | |
| Huawei ar150-s firmware | =v200r007c00 | |
| Huawei ar150-s | ||
| Huawei AR160 Firmware | =v200r006c10 | |
| Huawei AR160 Firmware | =v200r006c12 | |
| Huawei AR160 Firmware | =v200r007c00 | |
| Huawei AR160 Firmware | =v200r007c02 | |
| Huawei AR160 Firmware | ||
| Huawei AR200 Firmware | =v200r006c10 | |
| Huawei AR200 Firmware | =v200r007c00 | |
| Huawei AR200 | ||
| Huawei AR200-S Firmware | =v200r006c10 | |
| Huawei AR200-S Firmware | =v200r007c00 | |
| Huawei AR200-S Firmware | ||
| Huawei AR2200 Series Firmware | =v200r006c10 | |
| Huawei AR2200 Series Firmware | =v200r006c13 | |
| Huawei AR2200 Series Firmware | =v200r006c16pwe | |
| Huawei AR2200 Series Firmware | =v200r007c00 | |
| Huawei AR2200 Series Firmware | ||
| Huawei AR2200 Series Firmware | =v200r006c10 | |
| Huawei AR2200 Series Firmware | =v200r007c00 | |
| Huawei AR2200 Series Firmware | =v200r008c20 | |
| Huawei AR2200-S | ||
| Huawei AR3200 | =v200r006c10 | |
| Huawei AR3200 | =v200r006c11 | |
| Huawei AR3200 | =v200r007c00 | |
| Huawei AR3200 | =v200r007c02 | |
| Huawei AR3200 firmware | ||
| Huawei AR3600 Firmware | =v200r006c10 | |
| Huawei AR3600 Firmware | =v200r007c00 | |
| Huawei AR3600 Firmware | ||
| Huawei AR510 Firmware | =v200r006c12 | |
| Huawei AR510 Firmware | =v200r006c13 | |
| Huawei AR510 Firmware | =v200r006c15 | |
| Huawei AR510 Firmware | =v200r006c16 | |
| Huawei AR510 Firmware | =v200r006c17 | |
| Huawei AR510 Firmware | =v200r007c00 | |
| Huawei AR510 | ||
| Huawei NetEngine 16EX firmware | =v200r006c10 | |
| Huawei NetEngine 16EX firmware | =v200r007c00 | |
| Huawei NetEngine 16EX | ||
| Huawei SRG1300 Firmware | =v200r006c10 | |
| Huawei SRG1300 Firmware | =v200r007c00 | |
| Huawei SRG1300 Firmware | =v200r007c02 | |
| Huawei SRG1300 | ||
| Huawei SRG2300 | =v200r006c10 | |
| Huawei SRG2300 | =v200r007c00 | |
| Huawei SRG2300 | =v200r007c02 | |
| Huawei SRG2300 | ||
| Huawei SRG3300 | =v200r006c10 | |
| Huawei SRG3300 | =v200r007c00 | |
| Huawei SRG3300 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-17160?
CVE-2017-17160 has a high severity rating due to its potential impact on affected devices.
How do I fix CVE-2017-17160?
To fix CVE-2017-17160, update the firmware of your vulnerable Huawei devices to the latest version recommended by Huawei.
Which devices are affected by CVE-2017-17160?
CVE-2017-17160 affects several Huawei devices including AR120-S, AR1200, AR150, AR160, and AR200 models among others.
What are potential risks associated with CVE-2017-17160?
The potential risks include unauthorized access and the ability to execute remote commands on the affected devices.
Are there any mitigations available for CVE-2017-17160?
While updating firmware is the primary fix, limiting access to the affected devices can serve as a temporary mitigation strategy.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/huawei
- canonical/huawei ar120-s
- version/huawei ar120-s/v200r006c10
- version/huawei ar120-s/v200r007c00
- canonical/huawei ar120 firmware
- canonical/huawei ar1200 firmware
- version/huawei ar1200 firmware/v200r006c10
- version/huawei ar1200 firmware/v200r006c13
- version/huawei ar1200 firmware/v200r007c00
- version/huawei ar1200 firmware/v200r007c02
- canonical/huawei ar1200
- canonical/huawei ar1200-s firmware
- version/huawei ar1200-s firmware/v200r006c10
- version/huawei ar1200-s firmware/v200r007c00
- version/huawei ar1200-s firmware/v200r008c20
- canonical/huawei ar1200-s
- canonical/huawei ar150 firmware
- version/huawei ar150 firmware/v200r006c10
- version/huawei ar150 firmware/v200r007c00
- version/huawei ar150 firmware/v200r007c02
- canonical/huawei ar 150
- canonical/huawei ar150-s firmware
- version/huawei ar150-s firmware/v200r006c10
- version/huawei ar150-s firmware/v200r007c00
- canonical/huawei ar150-s
- canonical/huawei ar160 firmware
- version/huawei ar160 firmware/v200r006c10
- version/huawei ar160 firmware/v200r006c12
- version/huawei ar160 firmware/v200r007c00
- version/huawei ar160 firmware/v200r007c02
- canonical/huawei ar200 firmware
- version/huawei ar200 firmware/v200r006c10
- version/huawei ar200 firmware/v200r007c00
- canonical/huawei ar200
- canonical/huawei ar200-s firmware
- version/huawei ar200-s firmware/v200r006c10
- version/huawei ar200-s firmware/v200r007c00
- canonical/huawei ar2200 series firmware
- version/huawei ar2200 series firmware/v200r006c10
- version/huawei ar2200 series firmware/v200r006c13
- version/huawei ar2200 series firmware/v200r006c16pwe
- version/huawei ar2200 series firmware/v200r007c00
- version/huawei ar2200 series firmware/v200r008c20
- canonical/huawei ar2200-s
- canonical/huawei ar3200
- version/huawei ar3200/v200r006c10
- version/huawei ar3200/v200r006c11
- version/huawei ar3200/v200r007c00
- version/huawei ar3200/v200r007c02
- canonical/huawei ar3200 firmware
- canonical/huawei ar3600 firmware
- version/huawei ar3600 firmware/v200r006c10
- version/huawei ar3600 firmware/v200r007c00
- canonical/huawei ar510 firmware
- version/huawei ar510 firmware/v200r006c12
- version/huawei ar510 firmware/v200r006c13
- version/huawei ar510 firmware/v200r006c15
- version/huawei ar510 firmware/v200r006c16
- version/huawei ar510 firmware/v200r006c17
- version/huawei ar510 firmware/v200r007c00
- canonical/huawei ar510
- canonical/huawei netengine 16ex firmware
- version/huawei netengine 16ex firmware/v200r006c10
- version/huawei netengine 16ex firmware/v200r007c00
- canonical/huawei netengine 16ex
- canonical/huawei srg1300 firmware
- version/huawei srg1300 firmware/v200r006c10
- version/huawei srg1300 firmware/v200r007c00
- version/huawei srg1300 firmware/v200r007c02
- canonical/huawei srg1300
- canonical/huawei srg2300
- version/huawei srg2300/v200r006c10
- version/huawei srg2300/v200r007c00
- version/huawei srg2300/v200r007c02
- canonical/huawei srg3300
- version/huawei srg3300/v200r006c10
- version/huawei srg3300/v200r007c00