CVE-2017-17160

Name of the Vulnerable Software and Affected Versions Huawei AR120-S versions V200R006C10 through V200R007C00 Huawei AR1200 versions V200R006C10 through V200R007C02 Huawei AR1200-S versions V200R006C10 through V200R008C20 Huawei AR150 versions V200R006C10 through V200R007C02 Huawei AR150-S versions V200R006C10 through V200R007C00 Huawei AR160 versions V200R006C10 through V200R007C02 Huawei AR200 versions V200R006C10 through V200R007C00 Huawei AR200-S versions V200R006C10 through V200R007C00 Huawei AR2200 versions V200R006C10 through V200R007C02 Huawei AR2200-S versions V200R006C10 through V200R008C20 Huawei AR3200 versions V200R006C10 through V200R007C02 Huawei AR3600 versions V200R006C10 through V200R007C00 Huawei AR510 versions V200R006C12 through V200R007C00 Huawei NetEngine16EX versions V200R006C10 through V200R007C00 Huawei SRG1300 versions V200R006C10 through V200R007C02 Huawei SRG2300 versions V200R006C10 through V200R007C02 Huawei SRG3300 versions V200R006C10 through V200R007C00

Description The issue is caused by incomplete range checks of the input data, leading to a buffer overflow. An unauthenticated, remote attacker could exploit this by sending malicious IKE packets to the targeted device, potentially causing the device to write out of bounds and restart.

Recommendations For Huawei AR120-S versions V200R006C10 through V200R007C00, update to a fixed version. For Huawei AR1200 versions V200R006C10 through V200R007C02, update to a fixed version. For Huawei AR1200-S versions V200R006C10 through V200R008C20, update to a fixed version. For Huawei AR150 versions V200R006C10 through V200R007C02, update to a fixed version. For Huawei AR150-S versions V200R006C10 through V200R007C00, update to a fixed version. For Huawei AR160 versions V200R006C10 through V200R007C02, update to a fixed version. For Huawei AR200 versions V200R006C10 through V200R007C00, update to a fixed version. For Huawei AR200-S versions V200R006C10 through V200R007C00, update to a fixed version. For Huawei AR2200 versions V200R006C10 through V200R007C02, update to a fixed version. For Huawei AR2200-S versions V200R006C10 through V200R008C20, update to a fixed version. For Huawei AR3200 versions V200R006C10 through V200R007C02, update to a fixed version. For Huawei AR3600 versions V200R006C10 through V200R007C00, update to a fixed version. For Huawei AR510 versions V200R006C12 through V200R007C00, update to a fixed version. For Huawei NetEngine16EX versions V200R006C10 through V200R007C00, update to a fixed version. For Huawei SRG1300 versions V200R006C10 through V200R007C02, update to a fixed version. For Huawei SRG2300 versions V200R006C10 through V200R007C02, update to a fixed version. For Huawei SRG3300 versions V200R006C10 through V200R007C00, update to a fixed version. As a temporary workaround, consider restricting access to IKE packets until a patch is available.