Lucene search

K
huaweiHuawei TechnologiesHUAWEI-SA-20180207-01-SCCPX
HistoryFeb 07, 2018 - 12:00 a.m.

Security Advisory - Three Vulnerabilities in SCCPX Module of Some Huawei Products

2018-02-0700:00:00
Huawei Technologies
www.huawei.com
20

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.002

Percentile

54.2%

There is an out-of-bounds read vulnerability in SCCPX module of some Huawei products. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service. (Vulnerability ID: HWPSIRT-2017-08119)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-17218.

There are two invalid memory access vulnerabilities in SCCPX module of some Huawei products. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service. (Vulnerability ID: HWPSIRT-2017-08120 and HWPSIRT-2017-08121)

The two vulnerabilities have been assigned two Common Vulnerabilities and Exposures (CVE) IDs: CVE-2017-17219 and CVE-2017-17220.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-sccpx-en

Affected configurations

Vulners
Node
huaweidp300Matchv500r002c00
OR
huaweirp200Matchv500r002c00
OR
huaweirp200Matchv600r006c00
OR
huaweite30Matchv100r001c10
OR
huaweite30Matchv500r002c00
OR
huaweite30Matchv600r006c00
OR
huaweite40Matchv500r002c00
OR
huaweite40Matchv600r006c00
OR
huaweite50Matchv500r002c00
OR
huaweite50Matchv600r006c00
OR
huaweite60Matchv100r001c10
OR
huaweite60Matchv500r002c00
OR
huaweite60Matchv600r006c00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.002

Percentile

54.2%

Related for HUAWEI-SA-20180207-01-SCCPX