CVE-2017-17199

Name of the Vulnerable Software and Affected Versions: Huawei DP300 versions V500R002C00 through V600R006C00 Huawei RP200 versions V500R002C00 through V600R006C00 Huawei TE30 versions V100R001C10 through V600R006C00 Huawei TE40 versions V500R002C00 through V600R006C00 Huawei TE50 versions V500R002C00 through V600R006C00 Huawei TE60 versions V100R001C10 through V600R006C00

Description: The issue is caused by the improper processing of malformed H323 messages, leading to an out-of-bounds read. A remote attacker controlling a server could exploit this by sending malformed H323 reply messages to a target device. Successful exploitation could cause the device to read out of bounds and potentially make a service unavailable.

Recommendations: For Huawei DP300 versions V500R002C00 through V600R006C00, update to a version that properly processes H323 messages to prevent out-of-bounds reads. For Huawei RP200 versions V500R002C00 through V600R006C00, update to a version that properly processes H323 messages to prevent out-of-bounds reads. For Huawei TE30 versions V100R001C10 through V600R006C00, update to a version that properly processes H323 messages to prevent out-of-bounds reads. For Huawei TE40 versions V500R002C00 through V600R006C00, update to a version that properly processes H323 messages to prevent out-of-bounds reads. For Huawei TE50 versions V500R002C00 through V600R006C00, update to a version that properly processes H323 messages to prevent out-of-bounds reads. For Huawei TE60 versions V100R001C10 through V600R006C00, update to a version that properly processes H323 messages to prevent out-of-bounds reads.