PT-2017-14734 · Huawei · Nip6600+8
Publicado
2017-12-06
·
Atualizado
2018-02-24
·
CVE-2017-17155
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Huawei IPS Module versions V500R001C00 through V500R001C20SPC300PWE
NGFW Module versions V500R001C00 through V500R001C20SPC300PWE
NIP6300 versions V500R001C00 through V500R001C20SPC300PWE
NIP6600 versions V500R001C00 through V500R001C20SPC300PWE
Secospace USG6300 versions V500R001C00 through V500R001C20SPC300PWE
Secospace USG6500 versions V500R001C00 through V500R001C20SPC300PWE
Secospace USG6600 versions V500R001C00 through V500R001C20SPC300PWE
USG9500 versions V500R001C00 through V500R001C20SPC300PWE
Description
The issue is caused by an out-of-bounds memory access vulnerability due to incompliance with the 4-byte alignment requirement imposed by the MIPS CPU. An attacker could exploit it to cause unauthorized memory access, which may further lead to system exceptions.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Memory Corruption
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Huawei Ips Module
Huawei Vrp
Ngfw Module
Nip6300
Nip6600
Secospace Usg6300
Secospace Usg6500
Secospace Usg6600
Usg9500