PT-2017-3521 · Huawei · Huawei Ar1200+3
Publicado
2017-11-29
·
Atualizado
2018-02-22
·
CVE-2017-15343
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions:
Huawei AR3200 versions V200R006C10 through V200R008C30
Huawei AR1200 (affected versions not specified)
Huawei AR120-S (affected versions not specified)
Description:
The issue is caused by an integer overflow vulnerability in the mechanism for checking SCTP messages. The software does not sufficiently validate certain fields in SCTP messages, allowing a remote unauthenticated attacker to send a crafted SCTP message to the device. Successful exploitation could result in a system reboot.
Recommendations:
For Huawei AR3200 versions V200R006C10 through V200R008C30, update to a version that fixes the integer overflow vulnerability.
For Huawei AR1200, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Huawei AR120-S, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Integer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Huawei Ar120-S
Huawei Ar1200
Huawei Ar3200
Huawei Vrp