CVE-2017-17165 Information

Description

IPv6 function in Huawei Quidway S2700 V200R003C00SPC300 Quidway S5300 V200R003C00SPC300 Quidway S5700 V200R003C00SPC300 S2300 V200R003C00 V200R003C00SPC300T V200R005C00 V200R006C00 V200R007C00 V200R008C00 V200R009C00 S2700 V200R005C00 V200R006C00 V200R007C00 V200R008C00 V200R009C00 S5300 V200R003C00 V200R003C00SPC300T V200R003C00SPC600 V200R003C02 V200R005C00 V200R005C01 V200R005C02 V200R005C03 V200R005C05 V200R006C00 V200R007C00 V200R008C00 V200R009C00 S5700 V200R003C00 V200R003C00SPC316T V200R003C00SPC600 V200R003C02 V200R005C00 V200R005C01 V200R005C02 V200R005C03 V200R006C00 V200R007C00 V200R008C00 V200R009C00 S600-E V200R008C00 V200R009C00 S6300 V200R003C00 V200R005C00 V200R007C00 V200R008C00 V200R009C00 S6700 V200R003C00 V200R005C00 V200R005C01 V200R005C02 V200R007C00 V200R008C00 V200R009C00 has an out-of-bounds read vulnerability. An unauthenticated attacker may send crafted malformed IPv6 packets to the affected products. Due to insufficient verification of the packets successful exploit will cause device to reset.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-ipv6-en

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5