CVE-2017-17316

Name of the Vulnerable Software and Affected Versions: Huawei DP300 versions V500R002C00 through V600R006C00 Huawei RP200 version V500R002C00 Huawei RP200 version V600R006C00 Huawei TE30 versions V100R001C10 through V600R006C00 Huawei TE40 versions V500R002C00 through V600R006C00 Huawei TE50 versions V500R002C00 through V600R006C00 Huawei TE60 versions V100R001C10 through V600R006C00

Description: The issue is related to an out-of-bounds read. An unauthenticated, remote attacker must control the peer device and craft the Signalling Connection Control Part (SCCP) messages to the target devices. Due to insufficient input validation of some values in the messages, a successful exploit will cause an out-of-bounds read and some services to become abnormal.

Recommendations: For Huawei DP300 version V500R002C00, update to a version later than V500R002C00. For Huawei DP300 version V600R006C00, apply configuration changes to restrict the SCCP messages. For Huawei RP200 version V500R002C00, update to a version later than V500R002C00. For Huawei RP200 version V600R006C00, restrict access to the SCCP module. For Huawei TE30 version V100R001C10, update to a version later than V100R001C10. For Huawei TE30 version V600R006C00, apply configuration changes to restrict the SCCP messages. For Huawei TE40 version V500R002C00, update to a version later than V500R002C00. For Huawei TE40 version V600R006C00, restrict access to the SCCP module. For Huawei TE50 version V500R002C00, update to a version later than V500R002C00. For Huawei TE50 version V600R006C00, apply configuration changes to restrict the SCCP messages. For Huawei TE60 version V100R001C10, update to a version later than V100R001C10. For Huawei TE60 version V600R006C00, restrict access to the SCCP module.