PT-2017-14760 · Huawei · Huawei Ar200+12

Published: 2017-12-15 · Updated: 2018-03-09 · CVE-2017-17299

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Huawei AR120-S versions V200R006C10 through V200R007C00
Huawei AR1200 versions V200R006C10 through V200R007C02
Huawei AR1200-S versions V200R006C10 through V200R008C20
Huawei AR150 versions V200R006C10 through V200R007C02
Huawei AR150-S versions V200R006C10 through V200R007C00
Huawei AR160 versions V200R006C10 through V200R007C02
Huawei AR200 versions V200R006C10 through V200R007C00
Huawei AR200-S versions V200R006C10 through V200R007C00
Huawei AR2200 versions V200R006C10 through V200R007C02
Huawei AR2200-S versions V200R006C10 through V200R008C20
Huawei AR3200 versions V200R006C10 through V200R007C02
Huawei AR3600 versions V200R006C10 through V200R007C00
Huawei AR510 versions V200R006C12 through V200R007C00
Huawei IPS Module version V500R001C30
Huawei NIP6300 version V500R001C30
Huawei NetEngine16EX versions V200R006C10 through V200R007C00

Description

The issue is an insufficient input validation vulnerability. An unauthenticated, remote attacker may send crafted IKEv2 messages to the affected products. Because the messages are insufficiently validated, a successful exploit causes an invalid memory access and results in a denial of service on the affected products.

Recommendations

For all of the affected products and version ranges listed under "Name of the Vulnerable Software and Affected Versions", update to a fixed version to resolve the issue.

As a temporary workaround, consider restricting which hosts can send IKEv2 messages to the affected products to minimize the risk of exploitation.

Fix

DoS

RCE


Weakness Enumeration

Related Identifiers

CVE-2017-17299

Affected Products

Huawei Ar120-S
Huawei Ar1200
Huawei Ar150
Huawei Ar160
Huawei Ar200
Huawei Ar2200
Huawei Ar3200
Huawei Ar3600
Huawei Ar510
Huawei Ips Module
Huawei Nip6300
Huawei Netengine16Ex
Huawei Vrp