CVE-2017-15323

Name of the Vulnerable Software and Affected Versions Huawei DP300 versions V500R002C00 Huawei NIP6600 versions V500R001C00 through V500R001C30 Huawei Secospace USG6500 versions V500R001C00 through V500R001C30 Huawei TE60 versions V100R001C01 through V100R001C10, V100R003C00, V500R002C00, V600R006C00 Huawei TP3106 versions V100R001C06, V100R002C00 Huawei VP9660 versions V200R001C02, V200R001C30, V500R002C00, V500R002C10 Huawei ViewPoint 8660 version V100R008C03 Huawei ViewPoint 9030 versions V100R011C02, V100R011C03 Huawei eCNS210 TD version V100R004C10 Huawei eSpace U1981 version V200R003C30

Description The issue is caused by memory exhaustion due to inadequate input validation in some Huawei products. Attackers can craft and send malformed messages to the target device, exhausting its memory and causing a Denial of Service (DoS).

Recommendations For Huawei DP300 version V500R002C00, update to a version that includes input validation to prevent memory exhaustion. For Huawei NIP6600 versions V500R001C00 through V500R001C30, restrict access to the device until a patch is available that addresses the input validation issue. For Huawei Secospace USG6500 versions V500R001C00 through V500R001C30, consider disabling the reception of external messages to minimize the risk of exploitation. For Huawei TE60 versions V100R001C01 through V100R001C10, V100R003C00, V500R002C00, V600R006C00, apply configuration changes to limit the impact of malformed messages. For Huawei TP3106 versions V100R001C06, V100R002C00, avoid using the device for critical operations until a fix is available. For Huawei VP9660 versions V200R001C02, V200R001C30, V500R002C00, V500R002C10, update the device to a version with enhanced input validation. For Huawei ViewPoint 8660 version V100R008C03, restrict access to the device to prevent potential exploitation. For Huawei ViewPoint 9030 versions V100R011C02, V100R011C03, consider implementing additional security measures to mitigate the risk of Denial of Service. For Huawei eCNS210 TD version V100R004C10, update to a version that includes improved input validation. For Huawei eSpace U1981 version V200R003C30, apply a patch or update that addresses the memory exhaustion issue.