CVE-2017-15317 Information
Description
AR120-S V200R006C10 V200R007C00 V200R008C20 V200R008C30; AR1200 V200R006C10 V200R006C13 V200R007C00 V200R007C01 V200R007C02 V200R008C20 V200R008C30; AR1200-S V200R006C10 V200R007C00 V200R008C20 V200R008C30; AR150 V200R006C10 V200R007C00 V200R007C01 V200R007C02 V200R008C20 V200R008C30; AR150-S V200R006C10 V200R007C00 V200R008C20 V200R008C30; AR160 V200R006C10 V200R006C12 V200R007C00 V200R007C01 V200R007C02 V200R008C20 V200R008C30; AR200 V200R006C10 V200R007C00 V200R007C01 V200R008C20 V200R008C30; AR200-S V200R006C10 V200R007C00 V200R008C20 V200R008C30; AR2200 V200R006C10 V200R006C13 V200R006C16 V200R007C00 V200R007C01 V200R007C02 V200R008C20 V200R008C30; AR2200-S V200R006C10 V200R007C00 V200R008C20 V200R008C30; AR3200 V200R006C10 V200R006C11 V200R007C00 V200R007C01 V200R007C02 V200R008C00 V200R008C10 V200R008C20 V200R008C30; AR510 V200R006C10 V200R006C12 V200R006C13 V200R006C15 V200R006C16 V200R006C17 V200R007C00 V200R008C20 V200R008C30; SRG1300 V200R006C10 V200R007C00 V200R007C02 V200R008C20 V200R008C30; SRG2300 V200R006C10 V200R007C00 V200R007C02 V200R008C20 V200R008C30; SRG3300 V200R006C10 V200R007C00 V200R008C20 V200R008C30 have an input validation vulnerability in Huawei multiple products. Due to the insufficient input validation an unauthenticated remote attacker may craft a malformed Stream Control Transmission Protocol (SCTP) packet and send it to the device causing the device to read out of bounds and restart.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Reference
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-sctp-en
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
NONE
Base Score
HIGH
Base Severity
7.5
Share on: