First published: Fri Mar 09 2018(Updated: )
Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability due to the improper processing of malformed H323 messages. A remote attacker that controls a server could exploit this vulnerability by sending malformed H323 reply messages to a target device. Successful exploit could make the device read out of bounds and probably make a service unavailable.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei Dp300 Firmware | =v500r002c00 | |
Huawei DP300 | ||
Huawei Rp200 Firmware | =v500r002c00 | |
Huawei Rp200 Firmware | =v600r006c00 | |
Huawei Rp200 | ||
Huawei Te30 Firmware | =v100r001c10 | |
Huawei Te30 Firmware | =v500r002c00 | |
Huawei Te30 Firmware | =v600r006c00 | |
Huawei TE30 | ||
Huawei Te40 Firmware | =v500r002c00 | |
Huawei Te40 Firmware | =v600r006c00 | |
Huawei Te40 | ||
Huawei Te50 Firmware | =v500r002c00 | |
Huawei Te50 Firmware | =v600r006c00 | |
Huawei Te50 | ||
Huawei Te60 Firmware | =v100r001c10 | |
Huawei Te60 Firmware | =v500r002c00 | |
Huawei Te60 Firmware | =v600r006c00 | |
Huawei TE60 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2017-17200.
No, this vulnerability is considered to have a medium severity.
Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 are affected by this vulnerability.
This vulnerability allows for an out-of-bounds read, which can lead to information disclosure and potentially compromise the affected devices.
Yes, Huawei has provided a security advisory with instructions on how to mitigate this vulnerability. Please refer to the Huawei security advisory for more information.