CVE-2017-15336

Name of the Vulnerable Software and Affected Versions Huawei DP300 versions V500R002C00 Huawei IPS Module versions V100R001C10 through V100R001C30, V500R001C00 through V500R001C50 Huawei NGFW Module versions V100R001C10 through V100R001C30, V500R001C00 through V500R002C10 Huawei NIP6300 versions V500R001C00 through V500R001C50 Huawei NIP6600 versions V500R001C00 through V500R001C50 Huawei NIP6800 version V500R001C50 Huawei RP200 versions V500R002C00, V600R006C00 Huawei SVN5600 versions V200R003C00, V200R003C10 Huawei SVN5800 versions V200R003C00, V200R003C10 Huawei SVN5800-C versions V200R003C00, V200R003C10 Huawei SeMG9811 version V300R001C01 Huawei Secospace USG6300 versions V100R001C10 through V100R001C30, V500R001C00 through V500R001C50 Huawei Secospace USG6500 versions V100R001C10 through V100R001C30, V500R001C00 through V500R001C50 Huawei Secospace USG6600 versions V100R001C00 through V100R001C30, V500R001C00 through V500R001C50 Huawei TE30 versions V100R001C02, V100R001C10, V500R002C00, V600R006C00 Huawei TE40 versions V500R002C00, V600R006C00 Huawei TE50 versions V500R002C00, V600R006C00 Huawei TE60 versions V100R001C01, V100R001C10, V500R002C00, V600R006C00 Huawei USG9500 versions V500R001C00 through V500R001C30 Huawei USG9520 versions V300R001C01, V300R001C20 Huawei USG9560 versions V300R001C01, V300R001C20 Huawei USG9580 versions V300R001C01, V300R001C20 Huawei VP9660 versions V200R001C02, V200R001C30, V500R002C00, V500R002C10 Huawei ViewPoint 8660 version V100R008C03 Huawei ViewPoint 9030 versions V100R011C02, V100R011C03 Huawei eSpace U1981 versions V100R001C20, V200R003C00, V200R003C20, V200R003C30

Description The SIP backup feature in the affected products has a buffer overflow vulnerability due to insufficient validation of some values for SIP messages. An attacker may send specially crafted messages to the affected products, which may cause services to become abnormal.

Recommendations For Huawei DP300 version V500R002C00, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature. For Huawei IPS Module versions V100R001C10 through V100R001C30, V500R001C00 through V500R001C50, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature. For Huawei NGFW Module versions V100R001C10 through V100R001C30, V500R001C00 through V500R002C10, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature. For Huawei NIP6300 versions V500R001C00 through V500R001C50, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature. For Huawei NIP6600 versions V500R001C00 through V500R001C50, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature. For Huawei NIP6800 version V500R001C50, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature. For Huawei RP200 versions V500R002C00, V600R006C00, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature. For Huawei SVN5600 versions V200R003C00, V200R003C10, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature. For Huawei SVN5800 versions V200R003C00, V200R003C10, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature. For Huawei SVN5800-C versions V200R003C00, V200R003C10, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature. For Huawei SeMG9811 version V300R001C01, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature. For Huawei Secospace USG6300 versions V100R001C10 through V100R001C30, V500R001C00 through V500R001C50, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature. For Huawei Secospace USG6500 versions V100R001C10 through V100R001C30, V500R001C00 through V500R001C50, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature. For Huawei Secospace USG6600 versions V100R001C00 through V100R001C30, V500R001C00 through V500R001C50, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature. For Huawei TE30 versions V100R001C02, V100R001C10, V500R002C00, V600R006C00, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature. For Huawei TE40 versions V500R002C00, V600R006C00, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature. For Huawei TE50 versions V500R002C00, V600R006C00, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature. For Huawei TE60 versions V100R001C01, V100R001C10, V500R002C00, V600R006C00, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature. For Huawei USG9500 versions V500R001C00 through V500R001C30, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature. For Huawei USG9520 versions V300R001C01, V300R001C20, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature. For Huawei USG9560 versions V300R001C01, V300R001C20, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature. For Huawei USG9580 versions V300R001C01, V300R001C20, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature. For Huawei VP9660 versions V200R001C02, V200R001C30, V500R002C00, V500R002C10, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature. For Huawei ViewPoint 8660 version V100R008C03, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature. For Huawei ViewPoint 9030 versions V100R011C02, V100R011C03, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature. For Huawei eSpace U1981 versions V100R001C20, V200R003C00, V200R003C20, V200R003C30, update to a version that fixes the buffer overflow vulnerability in the SIP backup feature.