PT-2018-18321 · Huawei · Huawei Ar160+5
Publicado
2018-04-18
·
Atualizado
2018-05-22
·
CVE-2018-7920
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Huawei AR1200 version V200R006C10SPC300
Huawei AR160 version V200R006C10SPC300
Huawei AR200 version V200R006C10SPC300
Huawei AR2200 version V200R006C10SPC300
Huawei AR3200 version V200R006C10SPC300
Description:
The issue is related to improper resource management due to the improper implementation of the ACL mechanism. A remote attacker can send TCP messages to the management interface of the affected device to exploit this issue. Successful exploitation could exhaust the socket resource of the management interface, leading to a Denial of Service (DoS) condition.
Recommendations:
For Huawei AR1200 version V200R006C10SPC300, consider restricting access to the management interface to minimize the risk of exploitation.
For Huawei AR160 version V200R006C10SPC300, consider restricting access to the management interface to minimize the risk of exploitation.
For Huawei AR200 version V200R006C10SPC300, consider restricting access to the management interface to minimize the risk of exploitation.
For Huawei AR2200 version V200R006C10SPC300, consider restricting access to the management interface to minimize the risk of exploitation.
For Huawei AR3200 version V200R006C10SPC300, consider restricting access to the management interface to minimize the risk of exploitation.
Correção
DoS
Resource Exhaustion
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Huawei Ar1200
Huawei Ar160
Huawei Ar200
Huawei Ar2200
Huawei Ar3200
Huawei Vrp