CVE-2017-17202

Name of the Vulnerable Software and Affected Versions: Huawei AR120-S versions V200R005C32 through V200R008C30 Huawei AR1200 versions V200R005C32 through V200R008C30 Huawei AR1200-S versions V200R005C32 through V200R008C30 Huawei AR150 versions V200R005C32 through V200R008C30 Huawei AR150-S versions V200R005C32 through V200R008C30 Huawei AR160 versions V200R005C32 through V200R008C30 Huawei AR200 versions V200R005C32 through V200R008C30 Huawei AR200-S versions V200R005C32 through V200R008C30 Huawei AR2200 versions V200R006C10 through V200R008C30 Huawei AR2200-S versions V200R005C32 through V200R008C30 Huawei AR3200 versions V200R005C32 through V200R008C30 Huawei AR3600 versions V200R006C10 through V200R008C20 Huawei AR510 versions V200R005C32 through V200R008C30 Huawei NetEngine16EX versions V200R005C32 through V200R008C30 Huawei SRG1300 versions V200R005C32 through V200R008C30 Huawei SRG2300 versions V200R005C32 through V200R008C30 Huawei SRG3300 versions V200R005C32 through V200R008C30

Description: The issue is caused by insufficient input validation, leading to an out-of-bounds read vulnerability. An unauthenticated, remote attacker could exploit this vulnerability by sending malformed Session Initiation Protocol (SIP) packets to the target device. Successful exploitation could cause the device to read out of bounds, resulting in a service being unavailable.

Recommendations: For Huawei AR120-S versions V200R005C32 through V200R008C30, update to a fixed version. For Huawei AR1200 versions V200R005C32 through V200R008C30, update to a fixed version. For Huawei AR1200-S versions V200R005C32 through V200R008C30, update to a fixed version. For Huawei AR150 versions V200R005C32 through V200R008C30, update to a fixed version. For Huawei AR150-S versions V200R005C32 through V200R008C30, update to a fixed version. For Huawei AR160 versions V200R005C32 through V200R008C30, update to a fixed version. For Huawei AR200 versions V200R005C32 through V200R008C30, update to a fixed version. For Huawei AR200-S versions V200R005C32 through V200R008C30, update to a fixed version. For Huawei AR2200 versions V200R006C10 through V200R008C30, update to a fixed version. For Huawei AR2200-S versions V200R005C32 through V200R008C30, update to a fixed version. For Huawei AR3200 versions V200R005C32 through V200R008C30, update to a fixed version. For Huawei AR3600 versions V200R006C10 through V200R008C20, update to a fixed version. For Huawei AR510 versions V200R005C32 through V200R008C30, update to a fixed version. For Huawei NetEngine16EX versions V200R005C32 through V200R008C30, update to a fixed version. For Huawei SRG1300 versions V200R005C32 through V200R008C30, update to a fixed version. For Huawei SRG2300 versions V200R005C32 through V200R008C30, update to a fixed version. For Huawei SRG3300 versions V200R005C32 through V200R008C30, update to a fixed version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.