CVE-2017-15315

Name of the Vulnerable Software and Affected Versions Huawei NIP6300 versions V500R001C20SPC100 through V500R001C20SPC200 Huawei NIP6600 versions V500R001C20SPC100 through V500R001C20SPC200 Huawei Secospace USG6300 versions V500R001C20SPC100 through V500R001C20SPC200 Huawei Secospace USG6500 versions V500R001C20SPC100 through V500R001C20SPC200

Description The issue is related to a memory leak vulnerability in the patch module of certain Huawei products. An authenticated attacker could exploit this by executing special commands multiple times, leading to memory leakage, which would eventually cause the device to reset.

Recommendations For Huawei NIP6300 versions V500R001C20SPC100 through V500R001C20SPC200, update the patch module to a version that includes the fix for the memory leak vulnerability. For Huawei NIP6600 versions V500R001C20SPC100 through V500R001C20SPC200, update the patch module to a version that includes the fix for the memory leak vulnerability. For Huawei Secospace USG6300 versions V500R001C20SPC100 through V500R001C20SPC200, update the patch module to a version that includes the fix for the memory leak vulnerability. For Huawei Secospace USG6500 versions V500R001C20SPC100 through V500R001C20SPC200, update the patch module to a version that includes the fix for the memory leak vulnerability. As a temporary workaround, consider restricting the execution of special commands to minimize the risk of exploitation.