PT-2017-14732 · Huawei · Nip6600+8

Published

2017-12-06

·

Updated

2019-10-03

·

CVE-2017-17153

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Huawei IPS Module versions V500R001C00 through V500R001C20SPC300PWE NGFW Module versions V500R001C00 through V500R001C20SPC300PWE NIP6300 versions V500R001C00 through V500R001C20SPC300PWE NIP6600 versions V500R001C00 through V500R001C20SPC300PWE Secospace USG6300 versions V500R001C00 through V500R001C20SPC300PWE Secospace USG6500 versions V500R001C00 through V500R001C20SPC300PWE Secospace USG6600 versions V500R001C00 through V500R001C20SPC300PWE USG9500 versions V500R001C00 through V500R001C20SPC300PWE
Description The issue is caused by a memory leak vulnerability due to memory release failure resulted from insufficient input validation in IKEv2. An attacker could exploit it to cause memory leak, which may further lead to system exceptions.
Recommendations For Huawei IPS Module versions V500R001C00 through V500R001C20SPC300PWE, update the software to a version that includes the fix for the memory leak vulnerability. For NGFW Module versions V500R001C00 through V500R001C20SPC300PWE, update the software to a version that includes the fix for the memory leak vulnerability. For NIP6300 versions V500R001C00 through V500R001C20SPC300PWE, update the software to a version that includes the fix for the memory leak vulnerability. For NIP6600 versions V500R001C00 through V500R001C20SPC300PWE, update the software to a version that includes the fix for the memory leak vulnerability. For Secospace USG6300 versions V500R001C00 through V500R001C20SPC300PWE, update the software to a version that includes the fix for the memory leak vulnerability. For Secospace USG6500 versions V500R001C00 through V500R001C20SPC300PWE, update the software to a version that includes the fix for the memory leak vulnerability. For Secospace USG6600 versions V500R001C00 through V500R001C20SPC300PWE, update the software to a version that includes the fix for the memory leak vulnerability. For USG9500 versions V500R001C00 through V500R001C20SPC300PWE, update the software to a version that includes the fix for the memory leak vulnerability.

Fix

Missing Release of Resource after Effective Lifetime

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-772CWE-20

Related Identifiers

CVE-2017-17153

Affected Products

Huawei Ips Module
Huawei Vrp
Ngfw Module
Nip6300
Nip6600
Secospace Usg6300
Secospace Usg6500
Secospace Usg6600
Usg9500