Huawei : Huawei Data Communication: Two Vulnerabilities in Some Huawei Products (huawei-sa-20171018-01-h323)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.143952

Kategorie: Huawei

Titel: Huawei Data Communication: Two Vulnerabilities in Some Huawei Products (huawei-sa-20171018-01-h323)

Zusammenfassung: There is a DoS vulnerability in some Huawei products.

Beschreibung: Summary:
There is a DoS vulnerability in some Huawei products.

Vulnerability Insight:
There is a DoS vulnerability in some Huawei products. Due to incorrect malformed message processing logic, an authenticated, remote attacker could send specially crafted message to the target device. Successful exploit of the vulnerability could cause stack overflow and make a service unavailable. (Vulnerability ID: HWPSIRT-2017-04159)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-8162.There is an out-of-bounds read vulnerability in some Huawei products. Due to insufficient input validation, an authenticated, remote attacker could send specially crafted message to the target device. Successful exploit of the vulnerability could cause out-of-bounds read and system crash. (Vulnerability ID: HWPSIRT-2017-04160)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-8163.Huawei has released software updates to fix these vulnerabilities. This advisory is available in the linked references.

Vulnerability Impact:
Successful exploit of the vulnerability could cause stack overflow and make a service unavailable.

Affected Software/OS:
AR120-S versions V200R006C10 V200R007C00 V200R008C20 V200R008C30

AR1200 versions V200R006C10 V200R006C13 V200R007C00 V200R007C01 V200R007C02 V200R008C20 V200R008C30

AR1200-S versions V200R006C10 V200R007C00 V200R008C20 V200R008C30

AR150 versions V200R006C10 V200R007C00 V200R007C01 V200R007C02 V200R008C20 V200R008C30

AR150-S versions V200R006C10SPC300 V200R007C00 V200R008C20 V200R008C30

AR160 versions V200R006C10 V200R006C12 V200R007C00 V200R007C01 V200R007C02 V200R008C20 V200R008C30

AR200 versions V200R006C10 V200R007C00 V200R007C01 V200R008C20 V200R008C30

AR200-S versions V200R006C10 V200R007C00 V200R008C20 V200R008C30

AR2200 versions V200R006C10 V200R006C13 V200R006C16PWE V200R007C00 V200R007C01 V200R007C02 V200R008C20 V200R008C30

AR2200-S versions V200R006C10 V200R007C00 V200R008C20 V200R008C30

AR3200 versions V200R006C10 V200R006C11 V200R007C00 V200R007C01 V200R007C02 V200R008C00 V200R008C10 V200R008C20 V200R008C30

AR3600 versions V200R006C10 V200R007C00 V200R007C01 V200R008C20

AR510 versions V200R006C10 V200R006C12 V200R006C13 V200R006C15 V200R006C16 V200R006C17 V200R007C00SPC600 V200R008C20 V200R008C30

DP300 versions V500R002C00

IPS Module versions V100R001C10SPC200 V100R001C20SPC100 V100R001C30 V500R001C00 V500R001C20 V500R001C30 V500R001C50

NGFW Module versions V100R001C10SPC200 V100R001C20SPC100 V100R001C30 V500R001C00 V500R001C20 V500R002C00 V500R002C10

NIP6300 versions V500R001C00 V500R001C20 V500R001C30 V500R001C50

NIP6600 versions V500R001C00 V500R001C20 V500R001C30 V500R001C50

NIP6800 versions V500R001C50

NetEngine16EX versions V200R006C10 V200R007C00 V200R008C20 V200R008C30

RP200 versions V500R002C00SPC200 V600R006C00

RSE6500 versions V500R002C00

SMC2.0 versions V100R003C10 V100R005C00SPC100 V500R002C00 V600R006C00

SRG1300 versions V200R006C10 V200R007C00 V200R007C02 V200R008C20 V200R008C30

SRG2300 versions V200R006C10 V200R007C00 V200R007C02 V200R008C20 V200R008C30

SRG3300 versions V200R006C10 V200R007C00 V200R008C20 V200R008C30

SeMG9811 versions V300R001C01SPC500

Secospace USG6300 versions V100R001C10SPC200 V100R001C20SPC002T V100R001C30B018 V500R001C00 V500R001C20 V500R001C30 V500R001C50

Secospace USG6500 versions V100R001C10SPC200 V100R001C20SPC100 V100R001C30B018 V500R001C00 V500R001C20 V500R001C30 V500R001C50

Secospace USG6600 versions V100R001C00SPC200 V100R001C10SPC200 V100R001C20SPC070B710 V100R001C30 V500R001C00 V500R001C20 V500R001C30 V500R001C50

TE30 versions V100R001C02B053SP02 V100R001C10 V500R002C00SPC200 V600R006C00

TE40 versions V500R002C00SPC600 V600R006C00

TE50 versions V500R002C00SPC600 V600R006C00

TE60 versions V100R001C01SPC100 V100R001C10 V500R002C00 V600R006C00

TP3106 versions V100R002C00

TP3206 versions V100R002C00

USG9500 versions V500R001C00 V500R001C20 V500R001C30 V500R001C50

ViewPoint 9030 versions V100R011C02SPC100 V100R011C03B012SP15

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-8162
Common Vulnerability Exposure (CVE) ID: CVE-2017-8163

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.143952
Kategorie:	Huawei
Titel:	Huawei Data Communication: Two Vulnerabilities in Some Huawei Products (huawei-sa-20171018-01-h323)
Zusammenfassung:	There is a DoS vulnerability in some Huawei products.
Beschreibung:	Summary: There is a DoS vulnerability in some Huawei products. Vulnerability Insight: There is a DoS vulnerability in some Huawei products. Due to incorrect malformed message processing logic, an authenticated, remote attacker could send specially crafted message to the target device. Successful exploit of the vulnerability could cause stack overflow and make a service unavailable. (Vulnerability ID: HWPSIRT-2017-04159)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-8162.There is an out-of-bounds read vulnerability in some Huawei products. Due to insufficient input validation, an authenticated, remote attacker could send specially crafted message to the target device. Successful exploit of the vulnerability could cause out-of-bounds read and system crash. (Vulnerability ID: HWPSIRT-2017-04160)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-8163.Huawei has released software updates to fix these vulnerabilities. This advisory is available in the linked references. Vulnerability Impact: Successful exploit of the vulnerability could cause stack overflow and make a service unavailable. Affected Software/OS: AR120-S versions V200R006C10 V200R007C00 V200R008C20 V200R008C30 AR1200 versions V200R006C10 V200R006C13 V200R007C00 V200R007C01 V200R007C02 V200R008C20 V200R008C30 AR1200-S versions V200R006C10 V200R007C00 V200R008C20 V200R008C30 AR150 versions V200R006C10 V200R007C00 V200R007C01 V200R007C02 V200R008C20 V200R008C30 AR150-S versions V200R006C10SPC300 V200R007C00 V200R008C20 V200R008C30 AR160 versions V200R006C10 V200R006C12 V200R007C00 V200R007C01 V200R007C02 V200R008C20 V200R008C30 AR200 versions V200R006C10 V200R007C00 V200R007C01 V200R008C20 V200R008C30 AR200-S versions V200R006C10 V200R007C00 V200R008C20 V200R008C30 AR2200 versions V200R006C10 V200R006C13 V200R006C16PWE V200R007C00 V200R007C01 V200R007C02 V200R008C20 V200R008C30 AR2200-S versions V200R006C10 V200R007C00 V200R008C20 V200R008C30 AR3200 versions V200R006C10 V200R006C11 V200R007C00 V200R007C01 V200R007C02 V200R008C00 V200R008C10 V200R008C20 V200R008C30 AR3600 versions V200R006C10 V200R007C00 V200R007C01 V200R008C20 AR510 versions V200R006C10 V200R006C12 V200R006C13 V200R006C15 V200R006C16 V200R006C17 V200R007C00SPC600 V200R008C20 V200R008C30 DP300 versions V500R002C00 IPS Module versions V100R001C10SPC200 V100R001C20SPC100 V100R001C30 V500R001C00 V500R001C20 V500R001C30 V500R001C50 NGFW Module versions V100R001C10SPC200 V100R001C20SPC100 V100R001C30 V500R001C00 V500R001C20 V500R002C00 V500R002C10 NIP6300 versions V500R001C00 V500R001C20 V500R001C30 V500R001C50 NIP6600 versions V500R001C00 V500R001C20 V500R001C30 V500R001C50 NIP6800 versions V500R001C50 NetEngine16EX versions V200R006C10 V200R007C00 V200R008C20 V200R008C30 RP200 versions V500R002C00SPC200 V600R006C00 RSE6500 versions V500R002C00 SMC2.0 versions V100R003C10 V100R005C00SPC100 V500R002C00 V600R006C00 SRG1300 versions V200R006C10 V200R007C00 V200R007C02 V200R008C20 V200R008C30 SRG2300 versions V200R006C10 V200R007C00 V200R007C02 V200R008C20 V200R008C30 SRG3300 versions V200R006C10 V200R007C00 V200R008C20 V200R008C30 SeMG9811 versions V300R001C01SPC500 Secospace USG6300 versions V100R001C10SPC200 V100R001C20SPC002T V100R001C30B018 V500R001C00 V500R001C20 V500R001C30 V500R001C50 Secospace USG6500 versions V100R001C10SPC200 V100R001C20SPC100 V100R001C30B018 V500R001C00 V500R001C20 V500R001C30 V500R001C50 Secospace USG6600 versions V100R001C00SPC200 V100R001C10SPC200 V100R001C20SPC070B710 V100R001C30 V500R001C00 V500R001C20 V500R001C30 V500R001C50 TE30 versions V100R001C02B053SP02 V100R001C10 V500R002C00SPC200 V600R006C00 TE40 versions V500R002C00SPC600 V600R006C00 TE50 versions V500R002C00SPC600 V600R006C00 TE60 versions V100R001C01SPC100 V100R001C10 V500R002C00 V600R006C00 TP3106 versions V100R002C00 TP3206 versions V100R002C00 USG9500 versions V500R001C00 V500R001C20 V500R001C30 V500R001C50 ViewPoint 9030 versions V100R011C02SPC100 V100R011C03B012SP15 Solution: See the referenced vendor advisory for a solution. CVSS Score: 6.8 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-8162 Common Vulnerability Exposure (CVE) ID: CVE-2017-8163
Copyright	Copyright (C) 2020 Greenbone Networks GmbH