Buffer overflow

2018-02-1516:29:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.6%

JSON

Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S V200R006C10, V200R007C00, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C02, AR200 V200R006C10, V200R007C00, AR200-S V200R006C10, V200R007C00, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C02, AR2200-S V200R006C10, V200R007C00, V200R008C20, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C02, AR3600 V200R006C10, V200R007C00, AR510 V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, NetEngine16EX V200R006C10, V200R007C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, SRG2300 V200R006C10, V200R007C00, V200R007C02, SRG3300 V200R006C10, V200R007C00 have a buffer overflow vulnerability due to incomplete range checks of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious IKE packets to the targeted device. An exploit could allow the attacker to cause the device to write out of bound and restart.

CPENameOperatorVersion
ar120-s_firmwareeq200r6c10-v
ar120-s_firmwareeq200r7c0-v
ar1200-s_firmwareeq200r6c10-v
ar1200-s_firmwareeq200r7c0-v
ar1200-s_firmwareeq200r8c20-v
ar1200_firmwareeq200r6c10-v
ar1200_firmwareeq200r6c13-v
ar1200_firmwareeq200r7c0-v
ar1200_firmwareeq200r7c2-v
ar150-s_firmwareeq200r6c10-v

Name	Operator	Version
ar120-s_firmware	eq	200r6c10-v
ar120-s_firmware	eq	200r7c0-v
ar1200-s_firmware	eq	200r6c10-v
ar1200-s_firmware	eq	200r7c0-v
ar1200-s_firmware	eq	200r8c20-v
ar1200_firmware	eq	200r6c10-v
ar1200_firmware	eq	200r6c13-v
ar1200_firmware	eq	200r7c0-v
ar1200_firmware	eq	200r7c2-v
ar150-s_firmware	eq	200r6c10-v