First published: Wed Nov 22 2017(Updated: )
MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause process reboot.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
=v100r001c00 | ||
Huawei Tp3106 Firmware | =v100r002c00 | |
Huawei Tp3106 | ||
Huawei Tp3206 Firmware | =v100r002c00 | |
Huawei Tp3206 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-8199 is a vulnerability in the MAX PRESENCE and TP3106/TP3206 products from Huawei that allows an attacker to perform an out-of-bounds read during the H323 protocol.
The severity of CVE-2017-8199 is medium with a CVSS score of 6.5.
CVE-2017-8199 affects the MAX PRESENCE V100R001C00, TP3106 V100R002C00, and TP3206 V100R002C00 products from Huawei.
An attacker can exploit CVE-2017-8199 by logging in to the system as a user and sending crafted packets to the affected products.
Yes, you can find references for CVE-2017-8199 at the following links: [Huawei Security Advisory](http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-h323-en) and [SecurityFocus](http://www.securityfocus.com/bid/101951).