PT-2017-14731 · Huawei · Nip6600+8
Published: 2017-12-06 · Updated: 2018-02-26 · CVE-2017-17152
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Huawei IPS Module versions V500R001C00 through V500R001C20SPC300PWE
NGFW Module versions V500R001C00 through V500R001C20SPC300PWE
NIP6300 versions V500R001C00 through V500R001C20SPC300PWE
NIP6600 versions V500R001C00 through V500R001C20SPC300PWE
Secospace USG6300 versions V500R001C00 through V500R001C20SPC300PWE
Secospace USG6500 versions V500R001C00 through V500R001C20SPC300PWE
Secospace USG6600 versions V500R001C00 through V500R001C20SPC300PWE
USG9500 versions V500R001C00 through V500R001C20SPC300PWE
Description
The IKEv2 protocol implementation in Huawei products has an out-of-bounds write vulnerability due to insufficient input validation. An attacker could exploit it by crafting special packets that trigger an out-of-bounds memory write, which may in turn lead to system exceptions.
Recommendations
For Huawei IPS Module versions V500R001C00 through V500R001C20SPC300PWE, update to a fixed version to resolve the issue.
For NGFW Module versions V500R001C00 through V500R001C20SPC300PWE, update to a fixed version to resolve the issue.
For NIP6300 versions V500R001C00 through V500R001C20SPC300PWE, update to a fixed version to resolve the issue.
For NIP6600 versions V500R001C00 through V500R001C20SPC300PWE, update to a fixed version to resolve the issue.
For Secospace USG6300 versions V500R001C00 through V500R001C20SPC300PWE, update to a fixed version to resolve the issue.
For Secospace USG6500 versions V500R001C00 through V500R001C20SPC300PWE, update to a fixed version to resolve the issue.
For Secospace USG6600 versions V500R001C00 through V500R001C20SPC300PWE, update to a fixed version to resolve the issue.
For USG9500 versions V500R001C00 through V500R001C20SPC300PWE, update to a fixed version to resolve the issue.
As a temporary workaround, consider disabling the IKEv2 protocol until a patch is available.
Fix
RCE
Memory Corruption
Related Identifiers
Affected Products
Huawei Ips Module
Huawei Vrp
Ngfw Module
Nip6300
Nip6600
Secospace Usg6300
Secospace Usg6500
Secospace Usg6600
Usg9500