CVE-2017-15349

Name of the Vulnerable Software and Affected Versions Huawei CloudEngine 12800 versions V100R003C00 through V100R006C00 Huawei CloudEngine 5800 versions V100R003C00 through V100R006C00 Huawei CloudEngine 6800 versions V100R003C00 through V100R006C00 Huawei CloudEngine 7800 versions V100R003C00 through V100R006C00

Description The issue is related to a memory leak vulnerability. An unauthenticated attacker may send specific Resource ReServation Protocol (RSVP) packets to the affected products. Due to the failure to release the memory used to handle these packets, a successful exploit will result in a memory leak, leading to a Denial of Service (DoS) condition.

Recommendations For Huawei CloudEngine 12800 versions V100R003C00 through V100R006C00, update to a version that includes the fix for this memory leak vulnerability. For Huawei CloudEngine 5800 versions V100R003C00 through V100R006C00, update to a version that includes the fix for this memory leak vulnerability. For Huawei CloudEngine 6800 versions V100R003C00 through V100R006C00, update to a version that includes the fix for this memory leak vulnerability. For Huawei CloudEngine 7800 versions V100R003C00 through V100R006C00, update to a version that includes the fix for this memory leak vulnerability. As a temporary workaround, consider restricting the handling of RSVP packets to minimize the risk of exploitation.