PT-2017-18203 · Huawei · Tp3206+2
Published
2017-11-22
·
Updated
2017-12-06
·
CVE-2017-8199
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
MAX PRESENCE V100R001C00
TP3106 V100R002C00
TP3206 V100R002C00
Description
The issue is related to an out-of-bounds read in the H323 protocol. An attacker can exploit this by sending crafted packets to the system after logging in as a user. The packets are not sufficiently verified, which can lead to a process reboot if the exploit is successful.
Recommendations
For MAX PRESENCE V100R001C00, update the system to prevent out-of-bounds read in the H323 protocol.
For TP3106 V100R002C00, restrict access to the H323 protocol until a patch is available to prevent exploitation.
For TP3206 V100R002C00, consider disabling the H323 protocol temporarily as a workaround until a fix is provided.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Max Presence
Tp3106
Tp3206