CVE-2017-17156

Name of the Vulnerable Software and Affected Versions Huawei IPS Module versions V500R001C00 through V500R001C20SPC300PWE NGFW Module versions V500R001C00 through V500R001C20SPC300PWE NIP6300 versions V500R001C00 through V500R001C20SPC300PWE NIP6600 versions V500R001C00 through V500R001C20SPC300PWE Secospace USG6300 versions V500R001C00 through V500R001C20SPC300PWE Secospace USG6500 versions V500R001C00 through V500R001C20SPC300PWE Secospace USG6600 versions V500R001C00 through V500R001C20SPC300PWE USG9500 versions V500R001C00 through V500R001C20SPC300PWE

Description The issue is caused by insufficient input validation, leading to an out-of-bounds memory access vulnerability. An attacker could exploit this by crafting special packets to trigger out-of-bounds memory access, potentially causing system exceptions.

Recommendations For Huawei IPS Module versions V500R001C00 through V500R001C20SPC300PWE, update to a fixed version to resolve the issue. For NGFW Module versions V500R001C00 through V500R001C20SPC300PWE, update to a fixed version to resolve the issue. For NIP6300 versions V500R001C00 through V500R001C20SPC300PWE, update to a fixed version to resolve the issue. For NIP6600 versions V500R001C00 through V500R001C20SPC300PWE, update to a fixed version to resolve the issue. For Secospace USG6300 versions V500R001C00 through V500R001C20SPC300PWE, update to a fixed version to resolve the issue. For Secospace USG6500 versions V500R001C00 through V500R001C20SPC300PWE, update to a fixed version to resolve the issue. For Secospace USG6600 versions V500R001C00 through V500R001C20SPC300PWE, update to a fixed version to resolve the issue. For USG9500 versions V500R001C00 through V500R001C20SPC300PWE, update to a fixed version to resolve the issue. As a temporary workaround, consider restricting the use of IKEv2 until a patch is available.