CVE-2017-15333

Name of the Vulnerable Software and Affected Versions Huawei S12700 versions V200R005C00 Huawei S1700 versions V200R009C00, V200R010C00 Huawei S3700 versions V100R006C03, V100R006C05 Huawei S5700 versions V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00 Huawei S6700 versions V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00 Huawei S7700 versions V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00 Huawei S9700 versions V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00 Huawei eCNS210 TD versions V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400

Description The XML parser in the affected Huawei products has a DOS vulnerability. An attacker can craft specific XML files to exploit this issue. Due to the lack of checks on specially crafted XML files and the parsing of these files, a successful exploit will result in DOS attacks.

Recommendations For Huawei S12700 version V200R005C00, consider disabling the XML parser until a patch is available. For Huawei S1700 versions V200R009C00, V200R010C00, restrict access to the XML parser to minimize the risk of exploitation. For Huawei S3700 versions V100R006C03, V100R006C05, avoid using the XML parser with specially crafted XML files until the issue is resolved. For Huawei S5700 versions V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, consider implementing additional security measures to prevent DOS attacks. For Huawei S6700 versions V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00, temporarily disable the XML parser as a workaround. For Huawei S7700 versions V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, restrict access to the XML parser to minimize the risk of exploitation. For Huawei S9700 versions V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, consider implementing additional security measures to prevent DOS attacks. For Huawei eCNS210 TD versions V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400, avoid using the XML parser with specially crafted XML files until the issue is resolved.