PT-2017-14736 · Huawei · Nip6600+8

Published: 2017-12-06 · Updated: 2018-02-24 · CVE-2017-17157

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Huawei IPS Module versions V500R001C00 through V500R001C20SPC300PWE
NGFW Module versions V500R001C00 through V500R001C20SPC300PWE
NIP6300 versions V500R001C00 through V500R001C20SPC300PWE
NIP6600 versions V500R001C00 through V500R001C20SPC300PWE
Secospace USG6300 versions V500R001C00 through V500R001C20SPC300PWE
Secospace USG6500 versions V500R001C00 through V500R001C20SPC300PWE
Secospace USG6600 versions V500R001C00 through V500R001C20SPC300PWE
USG9500 versions V500R001C00 through V500R001C20SPC300PWE

Description

The issue is an out-of-bounds memory access vulnerability in IKEv2 caused by insufficient input validation. An attacker could exploit it by sending specially crafted packets that trigger an out-of-bounds memory access, which may lead to system exceptions.

Recommendations

For Huawei IPS Module versions V500R001C00 through V500R001C20SPC300PWE, update to a fixed version to resolve the issue.
For NGFW Module versions V500R001C00 through V500R001C20SPC300PWE, update to a fixed version to resolve the issue.
For NIP6300 versions V500R001C00 through V500R001C20SPC300PWE, update to a fixed version to resolve the issue.
For NIP6600 versions V500R001C00 through V500R001C20SPC300PWE, update to a fixed version to resolve the issue.
For Secospace USG6300 versions V500R001C00 through V500R001C20SPC300PWE, update to a fixed version to resolve the issue.
For Secospace USG6500 versions V500R001C00 through V500R001C20SPC300PWE, update to a fixed version to resolve the issue.
For Secospace USG6600 versions V500R001C00 through V500R001C20SPC300PWE, update to a fixed version to resolve the issue.
For USG9500 versions V500R001C00 through V500R001C20SPC300PWE, update to a fixed version to resolve the issue.

As a temporary workaround, consider disabling IKEv2 until a patch is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2017-17157

Affected Products

Huawei Ips Module
Huawei Vrp
Ngfw Module
Nip6300
Nip6600
Secospace Usg6300
Secospace Usg6500
Secospace Usg6600
Usg9500