Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-17250

Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; AR150 V200R005C32; AR150-S V200R005C32; AR160 V200R005C32; AR200 V200R005C32; AR200-S V200R005C32; AR2200-S V200R005C32; AR3200 V200R005C32; V200R007C00; AR510 V200R005C32; NetEngine16EX V200R005C32; SRG1300 V200R005C32; SRG2300 V200R005C32; SRG3300 V200R005C32 have an out-of-bounds write vulnerability. When a user executes a query command after the device received an abnormal OSPF message, the software writes data past the end of the intended buffer due to the insufficient verification of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending abnormal OSPF messages to the device. A successful exploit could cause the system to crash.

Published

2018-03-09T17:29:01.547

Last Modified

2024-11-21T03:17:42.510

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

6.9

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	ar120-s_firmware	v200r005c32	Yes
Hardware	huawei	ar120-s	-	No
Operating System	huawei	ar1200_firmware	v200r005c32	Yes
Hardware	huawei	ar1200	-	No
Operating System	huawei	ar1200-s_firmware	v200r005c32	Yes
Hardware	huawei	ar1200-s	-	No
Operating System	huawei	ar150_firmware	v200r005c32	Yes
Hardware	huawei	ar150	-	No
Operating System	huawei	ar160_firmware	v200r005c32	Yes
Hardware	huawei	ar160	-	No
Operating System	huawei	ar200_firmware	v200r005c32	Yes
Hardware	huawei	ar200	-	No
Operating System	huawei	ar200-s_firmware	v200r005c32	Yes
Hardware	huawei	ar200-s	-	No
Operating System	huawei	ar150-s_firmware	v200r005c32	Yes
Hardware	huawei	ar150-s	-	No
Operating System	huawei	ar2200-s_firmware	v200r005c32	Yes
Hardware	huawei	ar2200-s	-	No
Operating System	huawei	ar3200_firmware	v200r005c32	Yes
Operating System	huawei	ar3200_firmware	v200r007c00	Yes
Hardware	huawei	ar3200	-	No
Operating System	huawei	ar510_firmware	v200r005c32	Yes
Hardware	huawei	ar510	-	No
Operating System	huawei	netengine16ex_firmware	v200r005c32	Yes
Hardware	huawei	netengine16ex	-	No
Operating System	huawei	s12700_firmware	v200r007c00	Yes
Operating System	huawei	s12700_firmware	v200r007c01	Yes
Operating System	huawei	s12700_firmware	v200r008c00	Yes
Hardware	huawei	s12700	-	No
Operating System	huawei	s2700_firmware	v200r006c10	Yes
Operating System	huawei	s2700_firmware	v200r007c00	Yes
Operating System	huawei	s2700_firmware	v200r008c00	Yes
Hardware	huawei	s2700	-	No
Operating System	huawei	s5700_firmware	v200r007c00	Yes
Operating System	huawei	s5700_firmware	v200r008c00	Yes
Hardware	huawei	s5700	-	No
Operating System	huawei	s6700_firmware	v200r008c00	Yes
Hardware	huawei	s6700	-	No
Operating System	huawei	s7700_firmware	v200r007c00	Yes
Operating System	huawei	s7700_firmware	v200r008c00	Yes
Hardware	huawei	s7700	-	No
Operating System	huawei	s9700_firmware	v200r007c00	Yes
Operating System	huawei	s9700_firmware	v200r007c01	Yes
Operating System	huawei	s9700_firmware	v200r008c00	Yes
Hardware	huawei	s9700	-	No
Operating System	huawei	srg1300_firmware	v200r005c32	Yes
Hardware	huawei	srg1300	-	No
Operating System	huawei	srg2300_firmware	v200r005c32	Yes
Hardware	huawei	srg2300	-	No
Operating System	huawei	srg3300_firmware	v200r005c32	Yes
Hardware	huawei	srg3300	-	No

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180214-01-ospf-en Vendor Advisory ([email protected])
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180214-01-ospf-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)