CVE-2017-17162
First published: Thu Feb 15 2018(Updated: )
Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG9500 V500R001C30SPC200, USG9500 V500R001C30SPC300 have a memory leak vulnerability due to memory don't be released when an local authenticated attacker execute special commands many times. An attacker could exploit it to cause memory leak, which may further lead to system exceptions.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei Secospace USG6600 firmware | =v500r001c30spc100 | |
| Huawei Secospace USG6600 firmware | =v500r001c30spc200 | |
| Huawei Secospace USG6600 firmware | =v500r001c30spc300 | |
| Huawei Secospace USG6600 firmware | ||
| Huawei USG9500 firmware | =v500r001c30spc100 | |
| Huawei USG9500 firmware | =v500r001c30spc200 | |
| Huawei USG9500 firmware | =v500r001c30spc300 | |
| Huawei Eudemon USG9500 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-17162?
CVE-2017-17162 has a medium severity level due to its potential for resource exhaustion through a memory leak.
How do I fix CVE-2017-17162?
To fix CVE-2017-17162, update your Huawei Secospace USG6600 or USG9500 firmware to the latest patched version.
What systems are affected by CVE-2017-17162?
CVE-2017-17162 affects Huawei Secospace USG6600 firmware versions V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC300 and USG9500 firmware versions V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC300.
Who is vulnerable to CVE-2017-17162?
Local authenticated attackers with access to the affected Huawei firewall devices are vulnerable to CVE-2017-17162.
What is the impact of CVE-2017-17162?
The impact of CVE-2017-17162 includes potential denial of service due to resource exhaustion leading to a slowdown or crash of affected devices.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/tags
- agent/softwarecombine
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/huawei
- canonical/huawei secospace usg6600 firmware
- version/huawei secospace usg6600 firmware/v500r001c30spc100
- version/huawei secospace usg6600 firmware/v500r001c30spc200
- version/huawei secospace usg6600 firmware/v500r001c30spc300
- canonical/huawei usg9500 firmware
- version/huawei usg9500 firmware/v500r001c30spc100
- version/huawei usg9500 firmware/v500r001c30spc200
- version/huawei usg9500 firmware/v500r001c30spc300
- canonical/huawei eudemon usg9500