PT-2017-14732 · Huawei · Nip6600+8
Publicado
2017-12-06
·
Atualizado
2019-10-03
·
CVE-2017-17153
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Huawei IPS Module versions V500R001C00 through V500R001C20SPC300PWE
NGFW Module versions V500R001C00 through V500R001C20SPC300PWE
NIP6300 versions V500R001C00 through V500R001C20SPC300PWE
NIP6600 versions V500R001C00 through V500R001C20SPC300PWE
Secospace USG6300 versions V500R001C00 through V500R001C20SPC300PWE
Secospace USG6500 versions V500R001C00 through V500R001C20SPC300PWE
Secospace USG6600 versions V500R001C00 through V500R001C20SPC300PWE
USG9500 versions V500R001C00 through V500R001C20SPC300PWE
Description
The issue is caused by a memory leak vulnerability due to memory release failure resulted from insufficient input validation in IKEv2. An attacker could exploit it to cause memory leak, which may further lead to system exceptions.
Recommendations
For Huawei IPS Module versions V500R001C00 through V500R001C20SPC300PWE, update the software to a version that includes the fix for the memory leak vulnerability.
For NGFW Module versions V500R001C00 through V500R001C20SPC300PWE, update the software to a version that includes the fix for the memory leak vulnerability.
For NIP6300 versions V500R001C00 through V500R001C20SPC300PWE, update the software to a version that includes the fix for the memory leak vulnerability.
For NIP6600 versions V500R001C00 through V500R001C20SPC300PWE, update the software to a version that includes the fix for the memory leak vulnerability.
For Secospace USG6300 versions V500R001C00 through V500R001C20SPC300PWE, update the software to a version that includes the fix for the memory leak vulnerability.
For Secospace USG6500 versions V500R001C00 through V500R001C20SPC300PWE, update the software to a version that includes the fix for the memory leak vulnerability.
For Secospace USG6600 versions V500R001C00 through V500R001C20SPC300PWE, update the software to a version that includes the fix for the memory leak vulnerability.
For USG9500 versions V500R001C00 through V500R001C20SPC300PWE, update the software to a version that includes the fix for the memory leak vulnerability.
Correção
Missing Release of Resource after Effective Lifetime
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Huawei Ips Module
Huawei Vrp
Ngfw Module
Nip6300
Nip6600
Secospace Usg6300
Secospace Usg6500
Secospace Usg6600
Usg9500