PT-2017-14743 · Huawei · Huawei Dp300+6
Published 2017-12-13 · Updated 2018-02-26 · CVE-2017-17166
CVSS v3.1: 5.3 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
Huawei DP300 version V500R002C00
Secospace USG6300 versions V500R001C00 through V500R001C50
Secospace USG6500 versions V500R001C00 through V500R001C50
Secospace USG6600 versions V500R001C00 through V500R001C50
TP3206 version V100R002C00
VP9660 versions V500R002C00 through V500R002C10
Description
The software does not process certain fields of H.323 messages properly. A remote unauthenticated attacker could send crafted H.323 messages to the device. Successful exploitation could cause certain services to become unavailable since the stack memory is exhausted.
Recommendations
For Huawei DP300 version V500R002C00, update the software to a version that properly processes H.323 messages.
For Secospace USG6300 versions V500R001C00 through V500R001C50, restrict access to the H.323 protocol until a patch is available.
For Secospace USG6500 versions V500R001C00 through V500R001C50, consider disabling the H.323 message processing function temporarily.
For Secospace USG6600 versions V500R001C00 through V500R001C50, apply configuration changes to limit the impact of crafted H.323 messages.
For TP3206 version V100R002C00, avoid using the vulnerable H.323 protocol implementation until a fix is available.
For VP9660 versions V500R002C00 through V500R002C10, update the software to a version that correctly handles H.323 messages.
Fix
Resource Exhaustion
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Dp300
Huawei Vrp
Secospace Usg6300
Secospace Usg6500
Secospace Usg6600
Tp3206
Vp9660