Vulnerabilities > CVE-2017-17217 - Out-of-bounds Write vulnerability in Huawei products

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

high complexity

huawei

CWE-787

NVD

Published: 2018-03-09

Updated: 2018-03-26

Summary

Media Gateway Control Protocol (MGCP) in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds write vulnerability. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Dp300 Firmware V500R002C00 Huawei Rp200 Firmware V500R002C00Spc200 Huawei Rp200 Firmware V600R006C00 Huawei Te30 Firmware V100R001C10 Huawei Te30 Firmware V500R002C00 Huawei Te30 Firmware V600R006C00 Huawei Te40 Firmware V500R002C00 Huawei Te40 Firmware V600R006C00 Huawei Te50 Firmware V500R002C00 Huawei Te50 Firmware V600R006C00 Huawei Te60 Firmware V100R001C10 Huawei Te60 Firmware V500R002C00 Huawei Te60 Firmware V600R006C00	13
Hardware	Huawei Huawei Dp300 - Huawei Rp200 - Huawei Te30 - Huawei Te40 - Huawei Te50 - Huawei Te60 -	6

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-mgcp-en