There is a memory leak vulnerability in several Huawei products. An unauthenticated, remote attacker could craft malformed packets with specific parameters when connecting with the affect products by SFTP/SSH protocol. Due to insufficient validation of packets, successful exploit could cause a memory leak and eventual denial of service (DoS) condition. (Vulnerability ID: HWPSIRT-2017-07015)
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180103-01-sftp-en
CPE | Name | Operator | Version |
---|---|---|---|
dp300 | eq | V500R002C00 | |
rp200 | eq | V500R002C00SPC200 | |
rp200 | eq | V600R006C00 | |
te30 | eq | V100R001C02 | |
te30 | eq | V100R001C10 | |
te30 | eq | V500R002C00 | |
te30 | eq | V600R006C00 | |
te40 | eq | V500R002C00 | |
te40 | eq | V600R006C00 | |
te50 | eq | V500R002C00 |