CVE-2017-17298

Name of the Vulnerable Software and Affected Versions Huawei AR120-S versions V200R006C10 through V200R008C30 Huawei AR1200 versions V200R006C10 through V200R008C30 Huawei AR1200-S versions V200R006C10 through V200R008C30 Huawei AR150 versions V200R006C10 through V200R008C30 Huawei AR150-S versions V200R006C10 through V200R008C30 Huawei AR160 versions V200R006C10 through V200R008C30 Huawei AR200 versions V200R006C10 through V200R008C30 Huawei AR200-S versions V200R006C10 through V200R008C30 Huawei AR2200 versions V200R006C10 through V200R008C30 Huawei AR2200-S versions V200R006C10 through V200R008C30 Huawei AR3200 versions V200R006C10 through V200R008C30 Huawei AR3600 versions V200R006C10 through V200R008C30 Huawei AR510 versions V200R006C10 through V200R008C30 Huawei DP300 version V500R002C00 Huawei NetEngine16EX versions V200R006C10 through V200R008C30 Huawei RP200 versions V500R002C00 through V600R006C00 Huawei SRG1300 versions V200R006C10 through V200R008C30 Huawei SRG2300 versions V200R006C10 through V200R008C30 Huawei SRG3300 versions V200R006C10 through V200R008C30 Huawei TE30 versions V100R001C02 through V600R006C00 Huawei TE40 versions V500R002C00 through V600R006C00 Huawei TE50 version V500R002C00 Huawei TE60 versions V100R001C01 through V600R006C00 Huawei TP3106 version V100R002C00 Huawei TP3206 versions V100R002C00 through V100R002C10 Huawei ViewPoint 9030 versions V100R011C02 through V100R011C03

Description The issue is caused by a buffer overflow vulnerability due to insufficient validation of certificates. An unauthenticated, remote attacker may send specially crafted certificates to the affected products, potentially causing buffer overflow and service abnormalities.

Recommendations For Huawei AR120-S versions V200R006C10 through V200R008C30, update the certificate validation mechanism to prevent buffer overflow. For Huawei AR1200 versions V200R006C10 through V200R008C30, update the certificate validation mechanism to prevent buffer overflow. For Huawei AR1200-S versions V200R006C10 through V200R008C30, update the certificate validation mechanism to prevent buffer overflow. For Huawei AR150 versions V200R006C10 through V200R008C30, update the certificate validation mechanism to prevent buffer overflow. For Huawei AR150-S versions V200R006C10 through V200R008C30, update the certificate validation mechanism to prevent buffer overflow. For Huawei AR160 versions V200R006C10 through V200R008C30, update the certificate validation mechanism to prevent buffer overflow. For Huawei AR200 versions V200R006C10 through V200R008C30, update the certificate validation mechanism to prevent buffer overflow. For Huawei AR200-S versions V200R006C10 through V200R008C30, update the certificate validation mechanism to prevent buffer overflow. For Huawei AR2200 versions V200R006C10 through V200R008C30, update the certificate validation mechanism to prevent buffer overflow. For Huawei AR2200-S versions V200R006C10 through V200R008C30, update the certificate validation mechanism to prevent buffer overflow. For Huawei AR3200 versions V200R006C10 through V200R008C30, update the certificate validation mechanism to prevent buffer overflow. For Huawei AR3600 versions V200R006C10 through V200R008C30, update the certificate validation mechanism to prevent buffer overflow. For Huawei AR510 versions V200R006C10 through V200R008C30, update the certificate validation mechanism to prevent buffer overflow. For Huawei DP300 version V500R002C00, update the certificate validation mechanism to prevent buffer overflow. For Huawei NetEngine16EX versions V200R006C10 through V200R008C30, update the certificate validation mechanism to prevent buffer overflow. For Huawei RP200 versions V500R002C00 through V600R006C00, update the certificate validation mechanism to prevent buffer overflow. For Huawei SRG1300 versions V200R006C10 through V200R008C30, update the certificate validation mechanism to prevent buffer overflow. For Huawei SRG2300 versions V200R006C10 through V200R008C30, update the certificate validation mechanism to prevent buffer overflow. For Huawei SRG3300 versions V200R006C10 through V200R008C30, update the certificate validation mechanism to prevent buffer overflow. For Huawei TE30 versions V100R001C02 through V600R006C00, update the certificate validation mechanism to prevent buffer overflow. For Huawei TE40 versions V500R002C00 through V600R006C00, update the certificate validation mechanism to prevent buffer overflow. For Huawei TE50 version V500R002C00, update the certificate validation mechanism to prevent buffer overflow. For Huawei TE60 versions V100R001C01 through V600R006C00, update the certificate validation mechanism to prevent buffer overflow. For Huawei TP3106 version V100R002C00, update the certificate validation mechanism to prevent buffer overflow. For Huawei TP3206 versions V100R002C00 through V100R002C10, update the certificate validation mechanism to prevent buffer overflow. For Huawei ViewPoint 9030 versions V100R011C02 through V100R011C03, update the certificate validation mechanism to prevent buffer overflow. As a temporary workaround, consider restricting access to the certificate validation mechanism until a patch is available.