First published: Thu Feb 15 2018(Updated: )
Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, TP3206 V100R002C00, VP9660 V500R002C00, V500R002C10 have a resource exhaustion vulnerability. The software does not process certain field of H.323 message properly, a remote unauthenticated attacker could send crafted H.323 message to the device, successful exploit could cause certain service unavailable since the stack memory is exhausted.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei Dp300 Firmware | =v500r002c00 | |
Huawei DP300 | ||
Huawei Secospace Usg6300 Firmware | =v500r001c00 | |
Huawei Secospace Usg6300 Firmware | =v500r001c20 | |
Huawei Secospace Usg6300 Firmware | =v500r001c30 | |
Huawei Secospace Usg6300 Firmware | =v500r001c50 | |
Huawei Secospace USG6300 | ||
Huawei Secospace Usg6500 Firmware | =v500r001c00 | |
Huawei Secospace Usg6500 Firmware | =v500r001c20 | |
Huawei Secospace Usg6500 Firmware | =v500r001c30 | |
Huawei Secospace Usg6500 Firmware | =v500r001c50 | |
Huawei Secospace Usg6500 | ||
Huawei Secospace Usg6600 Firmware | =v500r001c00 | |
Huawei Secospace Usg6600 Firmware | =v500r001c20 | |
Huawei Secospace Usg6600 Firmware | =v500r001c30 | |
Huawei Secospace Usg6600 Firmware | =v500r001c50 | |
Huawei Secospace USG6600 | ||
Huawei Tp3206 Firmware | =v100r002c00 | |
Huawei Tp3206 | ||
Huawei Vp9660 Firmware | =v500r002c00 | |
Huawei Vp9660 Firmware | =v500r002c10 | |
Huawei VP9660 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2017-17166 is medium with a score of 5.3.
Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, TP3206 V100R002C00, VP9660 V500R002C00, V500R002C10 are affected.
To fix CVE-2017-17166, it is recommended to update the firmware of the affected Huawei products to the latest version provided by Huawei.
You can find more information about CVE-2017-17166 in the security advisory published by Huawei at http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-02-h323-en.
The Common Weakness Enumeration (CWE) of CVE-2017-17166 is 400.