Lucene search

Huawei TechnologiesHUAWEI-SA-20180124-01-MEMORY

HistoryJan 24, 2018 - 12:00 a.m.

Security Advisory - Memory Leak Vulnerability in Some Huawei Products

2018-01-2400:00:00

Huawei Technologies

www.huawei.com

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

0.0004 Low

EPSS

Percentile

5.1%

JSON

There is a memory leak vulnerability in some Huawei products. An authenticated, local attacker may craft and load some specific Certificate Revocation List(CRL) configuration files to the devices repeatedly. Due to not release allocated memory properly, successful exploit may result in memory leak and services abnormal. (Vulnerability ID: HWPSIRT-2017-08019)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-17302.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-memory-en

Affected configurations

Vulners

Node

huaweidp300Matchv500r002c00

huaweirp200Matchv600r006c00

huaweite30Matchv100r001c10

huaweite30Matchv500r002c00

huaweite30Matchv600r006c00

huaweite40Matchv500r002c00

huaweite40Matchv600r006c00

huaweite50Matchv500r002c00

huaweite50Matchv600r006c00

huaweite60Matchv100r001c10

huaweite60Matchv500r002c00

huaweite60Matchv600r006c00

CPENameOperatorVersion
dp300eqV500R002C00
rp200eqV600R006C00
te30eqV100R001C10
te30eqV500R002C00
te30eqV600R006C00
te40eqV500R002C00
te40eqV600R006C00
te50eqV500R002C00
te50eqV600R006C00
te60eqV100R001C10

Name	Operator	Version
dp300	eq	V500R002C00
rp200	eq	V600R006C00
te30	eq	V100R001C10
te30	eq	V500R002C00
te30	eq	V600R006C00
te40	eq	V500R002C00
te40	eq	V600R006C00
te50	eq	V500R002C00
te50	eq	V600R006C00
te60	eq	V100R001C10

Rows per page:

1-10 of 121

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for HUAWEI-SA-20180124-01-MEMORY