CVE-2017-17302

Name of the Vulnerable Software and Affected Versions: Huawei DP300 versions V500R002C00 Huawei RP200 versions V600R006C00 Huawei TE30 versions V100R001C10, V500R002C00, V600R006C00 Huawei TE40 versions V500R002C00, V600R006C00 Huawei TE50 versions V500R002C00, V600R006C00 Huawei TE60 versions V100R001C10, V500R002C00, V600R006C00

Description: The issue is related to a memory leak that can be triggered by an authenticated, local attacker who crafts and loads specific Certificate Revocation List (CRL) configuration files to the devices repeatedly. This exploit takes advantage of the improper release of allocated memory, potentially resulting in a memory leak and services becoming abnormal.

Recommendations: For Huawei DP300 version V500R002C00, consider restricting access to CRL configuration files to prevent repeated loading. For Huawei RP200 version V600R006C00, avoid using the vulnerable CRL configuration files until a fix is available. For Huawei TE30 versions V100R001C10, V500R002C00, V600R006C00, temporarily disable the loading of CRL configuration files to mitigate the risk. For Huawei TE40 versions V500R002C00, V600R006C00, restrict the use of specific CRL configuration files. For Huawei TE50 versions V500R002C00, V600R006C00, consider disabling the loadCRL() function until a patch is available. For Huawei TE60 versions V100R001C10, V500R002C00, V600R006C00, as a temporary workaround, consider limiting the number of times CRL configuration files can be loaded.