CVE-2017-17299 Information

Description

Huawei AR120-S V200R006C10 V200R007C00 AR1200 V200R006C10 V200R006C13 V200R007C00 V200R007C02 AR1200-S V200R006C10 V200R007C00 V200R008C20 AR150 V200R006C10 V200R007C00 V200R007C02 AR150-S V200R006C10 V200R007C00 AR160 V200R006C10 V200R006C12 V200R007C00S V200R007C02 AR200 V200R006C10 V200R007C00 AR200-S V200R006C10 V200R007C00 AR2200 V200R006C10 V200R006C13 V200R006C16 V200R007C00 V200R007C02 AR2200-S V200R006C10 V200R007C00 V200R008C20 AR3200 V200R006C10 V200R006C11 V200R007C00 V200R007C02 AR3600 V200R006C10 V200R007C00 AR510 V200R006C12 V200R006C13 V200R006C15 V200R006C16 V200R006C17 V200R007C00 IPS Module V500R001C30 NIP6300 V500R001C30 NetEngine16EX V200R006C10 V200R007C00 have an insufficient input validation vulnerability. An unauthenticated remote attacker may send crafted IKE V2 messages to the affected products. Due to the insufficient validation of the messages successful exploit will cause invalid memory access and result in a denial of service on the affected products.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ike-en

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5