CVE-2017-15338

Name of the Vulnerable Software and Affected Versions Huawei DP300 V500R002C00 Huawei IPS Module versions V100R001C10 through V100R001C30, versions V500R001C00 through V500R001C50 Huawei NGFW Module versions V100R001C10 through V100R001C30, versions V500R001C00 through V500R002C10 Huawei NIP6300 versions V500R001C00 through V500R001C50 Huawei NIP6600 versions V500R001C00 through V500R001C50 Huawei NIP6800 version V500R001C50 Huawei RP200 versions V500R002C00, V600R006C00 Huawei SVN5600 versions V200R003C00, V200R003C10 Huawei SVN5800 versions V200R003C00, V200R003C10 Huawei SVN5800-C versions V200R003C00, V200R003C10 Huawei SeMG9811 version V300R001C01 Huawei Secospace USG6300 versions V100R001C10 through V100R001C30, versions V500R001C00 through V500R001C50 Huawei Secospace USG6500 versions V100R001C10 through V100R001C30, versions V500R001C00 through V500R001C50 Huawei Secospace USG6600 versions V100R001C00 through V100R001C30, versions V500R001C00 through V500R001C50 Huawei TE30 versions V100R001C02, V100R001C10, versions V500R002C00, V600R006C00 Huawei TE40 versions V500R002C00, V600R006C00 Huawei TE50 versions V500R002C00, V600R006C00 Huawei TE60 versions V100R001C01, V100R001C10, versions V500R002C00, V600R006C00 Huawei USG9500 versions V500R001C00 through V500R001C30 Huawei USG9520 versions V300R001C01, V300R001C20 Huawei USG9560 versions V300R001C01, V300R001C20 Huawei USG9580 versions V300R001C01, V300R001C20 Huawei VP9660 versions V200R001C02, V200R001C30, versions V500R002C00, V500R002C10 Huawei ViewPoint 8660 version V100R008C03 Huawei ViewPoint 9030 versions V100R011C02, V100R011C03 Huawei eSpace U1981 versions V100R001C20, V200R003C00, V200R003C20, V200R003C30

Description The SIP module has a buffer overflow vulnerability due to insufficient validation for SIP messages. An attacker would have to craft specific messages to the affected products, which may cause services to become abnormal.

Recommendations For each affected version, update to a version that includes the fix for the buffer overflow vulnerability in the SIP module. At the moment, there is no information about a newer version that contains a fix for this vulnerability.