PT-2018-18321 · Huawei · Huawei Ar160+5
Published
2018-04-18
·
Updated
2018-05-22
·
CVE-2018-7920
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Huawei AR1200 version V200R006C10SPC300
Huawei AR160 version V200R006C10SPC300
Huawei AR200 version V200R006C10SPC300
Huawei AR2200 version V200R006C10SPC300
Huawei AR3200 version V200R006C10SPC300
Description:
The issue is related to improper resource management due to the improper implementation of the ACL mechanism. A remote attacker can send TCP messages to the management interface of the affected device to exploit this issue. Successful exploitation could exhaust the socket resource of the management interface, leading to a Denial of Service (DoS) condition.
Recommendations:
For Huawei AR1200 version V200R006C10SPC300, consider restricting access to the management interface to minimize the risk of exploitation.
For Huawei AR160 version V200R006C10SPC300, consider restricting access to the management interface to minimize the risk of exploitation.
For Huawei AR200 version V200R006C10SPC300, consider restricting access to the management interface to minimize the risk of exploitation.
For Huawei AR2200 version V200R006C10SPC300, consider restricting access to the management interface to minimize the risk of exploitation.
For Huawei AR3200 version V200R006C10SPC300, consider restricting access to the management interface to minimize the risk of exploitation.
Fix
DoS
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Ar1200
Huawei Ar160
Huawei Ar200
Huawei Ar2200
Huawei Ar3200
Huawei Vrp