CVE-2017-15350

Name of the Vulnerable Software and Affected Versions Huawei DP300 versions V500R002C00 Huawei IPS Module versions V100R001C10 through V100R001C30, V500R001C00 through V500R001C50 Huawei NGFW Module versions V100R001C10 through V100R001C30, V500R001C00 through V500R001C20 Huawei NIP6300 versions V500R001C00 through V500R001C50 Huawei NIP6600 versions V500R001C00 through V500R001C50 Huawei NIP6800 version V500R001C50 Huawei RP200 versions V500R002C00, V600R006C00 Huawei SVN5600 versions V200R003C00, V200R003C10 Huawei SVN5800 versions V200R003C00, V200R003C10 Huawei SVN5800-C versions V200R003C00, V200R003C10 Huawei Secospace USG6300 versions V100R001C10 through V100R001C30, V500R001C00 through V500R001C50 Huawei Secospace USG6500 versions V100R001C10 through V100R001C30, V500R001C00 through V500R001C50 Huawei Secospace USG6600 versions V100R001C00 through V100R001C30, V500R001C00 through V500R001C50 Huawei TE30 versions V100R001C02, V100R001C10, V500R002C00, V600R006C00 Huawei TE40 versions V500R002C00, V600R006C00 Huawei TE50 versions V500R002C00, V600R006C00 Huawei TE60 versions V100R001C01, V100R001C10, V500R002C00, V600R006C00 Huawei TP3206 versions V100R002C00, V100R002C10 Huawei USG9500 versions V500R001C00 through V500R001C50

Description The Common Open Policy Service Protocol (COPS) module in Huawei products has a buffer overflow vulnerability. An unauthenticated, remote attacker could exploit this vulnerability by sending specially crafted messages to the affected products. The vulnerability is due to insufficient input validation of the message, which could result in a buffer overflow. Successful exploit may cause some services to become abnormal.

Recommendations For Huawei DP300 version V500R002C00, update to a fixed version. For Huawei IPS Module versions V100R001C10 through V100R001C30, V500R001C00 through V500R001C50, update to a fixed version. For Huawei NGFW Module versions V100R001C10 through V100R001C30, V500R001C00 through V500R001C20, update to a fixed version. For Huawei NIP6300 versions V500R001C00 through V500R001C50, update to a fixed version. For Huawei NIP6600 versions V500R001C00 through V500R001C50, update to a fixed version. For Huawei NIP6800 version V500R001C50, update to a fixed version. For Huawei RP200 versions V500R002C00, V600R006C00, update to a fixed version. For Huawei SVN5600 versions V200R003C00, V200R003C10, update to a fixed version. For Huawei SVN5800 versions V200R003C00, V200R003C10, update to a fixed version. For Huawei SVN5800-C versions V200R003C00, V200R003C10, update to a fixed version. For Huawei Secospace USG6300 versions V100R001C10 through V100R001C30, V500R001C00 through V500R001C50, update to a fixed version. For Huawei Secospace USG6500 versions V100R001C10 through V100R001C30, V500R001C00 through V500R001C50, update to a fixed version. For Huawei Secospace USG6600 versions V100R001C00 through V100R001C30, V500R001C00 through V500R001C50, update to a fixed version. For Huawei TE30 versions V100R001C02, V100R001C10, V500R002C00, V600R006C00, update to a fixed version. For Huawei TE40 versions V500R002C00, V600R006C00, update to a fixed version. For Huawei TE50 versions V500R002C00, V600R006C00, update to a fixed version. For Huawei TE60 versions V100R001C01, V100R001C10, V500R002C00, V600R006C00, update to a fixed version. For Huawei TP3206 versions V100R002C00, V100R002C10, update to a fixed version. For Huawei USG9500 versions V500R001C00 through V500R001C50, update to a fixed version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.