CVE-2017-15320

Name of the Vulnerable Software and Affected Versions Huawei RP200 versions V500R002C00 through V600R006C00 Huawei TE30 versions V100R001C10, V500R002C00, V600R006C00 Huawei TE40 versions V500R002C00, V600R006C00 Huawei TE50 versions V500R002C00, V600R006C00 Huawei TE60 versions V100R001C10, V500R002C00, V600R006C00

Description The issue is related to out-of-bounds read vulnerabilities in some Huawei products due to insufficient input validation. A remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploitation will cause an out-of-bounds read and possibly crash the system.

Recommendations For Huawei RP200 versions V500R002C00 through V600R006C00, update to a fixed version to resolve the issue. For Huawei TE30 versions V100R001C10, V500R002C00, V600R006C00, update to a fixed version to resolve the issue. For Huawei TE40 versions V500R002C00, V600R006C00, update to a fixed version to resolve the issue. For Huawei TE50 versions V500R002C00, V600R006C00, update to a fixed version to resolve the issue. For Huawei TE60 versions V100R001C10, V500R002C00, V600R006C00, update to a fixed version to resolve the issue. As a temporary workaround, consider restricting access to SS7 related packets to minimize the risk of exploitation.