Lucene search

Huawei TechnologiesHUAWEI-SA-20180207-03-H323

HistoryFeb 07, 2018 - 12:00 a.m.

Security Advisory - Two Out-of-Bounds Read Vulnerabilities in Some Huawei Products

2018-02-0700:00:00

Huawei Technologies

www.huawei.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

59.2%

JSON

Some Huawei products have two out-of-bounds read vulnerabilities due to the improper processing of malformed H323 messages. A remote attacker that controls a server could exploit this vulnerability by sending malformed H323 reply messages to a target device. Successful exploit could make the device read out of bounds and probably make a service unavailable. (Vulnerability ID: HWPSIRT-2017-08046 and HWPSIRT-2017-08047)
The two vulnerabilities have been assigned two Common Vulnerabilities and Exposures (CVE) IDs: CVE-2017-17199 and CVE-2017-17200.
Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-03-h323-en

Affected configurations

Vulners

Node

huaweidp300Matchv500r002c00

huaweirp200Matchv500r002c00

huaweirp200Matchv600r006c00

huaweite30Matchv100r001c10

huaweite30Matchv500r002c00

huaweite30Matchv600r006c00

huaweite40Matchv500r002c00

huaweite40Matchv600r006c00

huaweite50Matchv500r002c00

huaweite50Matchv600r006c00

huaweite60Matchv100r001c10

huaweite60Matchv500r002c00

huaweite60Matchv600r006c00

CPENameOperatorVersion
dp300eqV500R002C00
rp200eqV500R002C00
rp200eqV600R006C00
te30eqV100R001C10
te30eqV500R002C00
te30eqV600R006C00
te40eqV500R002C00
te40eqV600R006C00
te50eqV500R002C00
te50eqV600R006C00

Name	Operator	Version
dp300	eq	V500R002C00
rp200	eq	V500R002C00
rp200	eq	V600R006C00
te30	eq	V100R001C10
te30	eq	V500R002C00
te30	eq	V600R006C00
te40	eq	V500R002C00
te40	eq	V600R006C00
te50	eq	V500R002C00
te50	eq	V600R006C00

Rows per page:

1-10 of 131

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

59.2%

JSON

Related for HUAWEI-SA-20180207-03-H323