CVE-2017-8162

AR120-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR1200 with software V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR1200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR150 with software V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR150-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR160 with software V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR200 with software V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30,AR200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR2200 with software V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR2200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30,AR510 with software V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30,NetEngine16EX with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,SMC2.0 with software V100R003C10, V100R005C00, V500R002C00, V600R006C00,SRG1300 with software V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30,SRG2300 with software V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30,SRG3300 with software V200R006C10, V200R007C00, V200R008C20, V200R008C30 have a DoS vulnerability. Due to incorrect malformed message processing logic, an authenticated, remote attacker could send specially crafted message to the target device.Successful exploit of the vulnerability could cause stack overflow and make a service unavailable.

CVSS v3.0 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-h323-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:huawei:ar120-s_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar120-s_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar120-s_firmware:v200r008c30:::::::*
	cpe:2.3:o:huawei:ar120-s_firmware:v200r006c10:::::::*

cpe:2.3:h:huawei:ar120-s:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:huawei:ar1200_firmware:v200r006c13:::::::*
	cpe:2.3:o:huawei:ar1200_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar1200_firmware:v200r007c01:::::::*
	cpe:2.3:o:huawei:ar1200_firmware:v200r007c02:::::::*
	cpe:2.3:o:huawei:ar1200_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar1200_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:ar1200_firmware:v200r008c30:::::::*

cpe:2.3:h:huawei:ar1200:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:huawei:ar1200-s_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:ar1200-s_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar1200-s_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar1200-s_firmware:v200r008c30:::::::*

cpe:2.3:h:huawei:ar1200-s:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:huawei:ar150_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:ar150_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar150_firmware:v200r007c01:::::::*
	cpe:2.3:o:huawei:ar150_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar150_firmware:v200r007c02:::::::*
	cpe:2.3:o:huawei:ar150_firmware:v200r008c30:::::::*

cpe:2.3:h:huawei:ar150:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:huawei:ar150-s_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:ar150-s_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar150-s_firmware:v200r008c30:::::::*
	cpe:2.3:o:huawei:ar150-s_firmware:v200r008c20:::::::*

cpe:2.3:h:huawei:ar150-s:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:huawei:ar160_firmware:v200r008c30:::::::*
	cpe:2.3:o:huawei:ar160_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar160_firmware:v200r007c02:::::::*
	cpe:2.3:o:huawei:ar160_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:ar160_firmware:v200r006c12:::::::*
	cpe:2.3:o:huawei:ar160_firmware:v200r007c01:::::::*
	cpe:2.3:o:huawei:ar160_firmware:v200r008c20:::::::*

cpe:2.3:h:huawei:ar160:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

OR	cpe:2.3:o:huawei:ar200_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:ar200_firmware:v200r007c01:::::::*
	cpe:2.3:o:huawei:ar200_firmware:v200r008c30:::::::*
	cpe:2.3:o:huawei:ar200_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar200_firmware:v200r008c20:::::::*

cpe:2.3:h:huawei:ar200:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

OR	cpe:2.3:o:huawei:ar200-s_firmware:v200r008c30:::::::*
	cpe:2.3:o:huawei:ar200-s_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:ar200-s_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar200-s_firmware:v200r007c00:::::::*

cpe:2.3:h:huawei:ar200-s:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

OR	cpe:2.3:o:huawei:ar2200_firmware:v200r006c13:::::::*
	cpe:2.3:o:huawei:ar2200_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar2200_firmware:v200r007c01:::::::*
	cpe:2.3:o:huawei:ar2200_firmware:v200r007c02:::::::*
	cpe:2.3:o:huawei:ar2200_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar2200_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:ar2200_firmware:v200r006c16pwe:::::::*
	cpe:2.3:o:huawei:ar2200_firmware:v200r008c30:::::::*

cpe:2.3:h:huawei:ar2200:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

OR	cpe:2.3:o:huawei:ar2200-s_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:ar2200-s_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar2200-s_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar2200-s_firmware:v200r008c30:::::::*

cpe:2.3:h:huawei:ar2200-s:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

OR	cpe:2.3:o:huawei:ar3200_firmware:v200r008c30:::::::*
	cpe:2.3:o:huawei:ar3200_firmware:v200r007c02:::::::*
	cpe:2.3:o:huawei:ar3200_firmware:v200r008c10:::::::*
	cpe:2.3:o:huawei:ar3200_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:ar3200_firmware:v200r006c11:::::::*
	cpe:2.3:o:huawei:ar3200_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar3200_firmware:v200r007c01:::::::*
	cpe:2.3:o:huawei:ar3200_firmware:v200r008c00:::::::*
	cpe:2.3:o:huawei:ar3200_firmware:v200r008c20:::::::*

cpe:2.3:h:huawei:ar3200:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

OR	cpe:2.3:o:huawei:ar510_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:ar510_firmware:v200r006c13:::::::*
	cpe:2.3:o:huawei:ar510_firmware:v200r006c16:::::::*
	cpe:2.3:o:huawei:ar510_firmware:v200r006c17:::::::*
	cpe:2.3:o:huawei:ar510_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:ar510_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:ar510_firmware:v200r006c12:::::::*
	cpe:2.3:o:huawei:ar510_firmware:v200r006c15:::::::*
	cpe:2.3:o:huawei:ar510_firmware:v200r008c30:::::::*

cpe:2.3:h:huawei:ar510:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

OR	cpe:2.3:o:huawei:netengine16ex_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:netengine16ex_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:netengine16ex_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:netengine16ex_firmware:v200r008c30:::::::*

cpe:2.3:h:huawei:netengine16ex:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

OR	cpe:2.3:o:huawei:smc2.0_firmware:v100r003c10:::::::*
	cpe:2.3:o:huawei:smc2.0_firmware:v100r005c00:::::::*
	cpe:2.3:o:huawei:smc2.0_firmware:v500r002c00:::::::*
	cpe:2.3:o:huawei:smc2.0_firmware:v600r006c00:::::::*

cpe:2.3:h:huawei:smc2.0:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

OR	cpe:2.3:o:huawei:srg1300_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:srg1300_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:srg1300_firmware:v200r007c02:::::::*
	cpe:2.3:o:huawei:srg1300_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:srg1300_firmware:v200r008c30:::::::*

cpe:2.3:h:huawei:srg1300:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

OR	cpe:2.3:o:huawei:srg2300_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:srg2300_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:srg2300_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:srg2300_firmware:v200r007c02:::::::*
	cpe:2.3:o:huawei:srg2300_firmware:v200r008c30:::::::*

cpe:2.3:h:huawei:srg2300:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

OR	cpe:2.3:o:huawei:srg3300_firmware:v200r006c10:::::::*
	cpe:2.3:o:huawei:srg3300_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:srg3300_firmware:v200r008c20:::::::*
	cpe:2.3:o:huawei:srg3300_firmware:v200r008c30:::::::*

cpe:2.3:h:huawei:srg3300:-:*:*:*:*:*:*:*

Information

Published : 2017-11-22 11:29

Updated : 2017-12-08 11:03

NVD link : CVE-2017-8162

Mitre link : CVE-2017-8162

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

huawei

ar2200-s
ar1200_firmware
ar150_firmware
ar3200
ar2200_firmware
netengine16ex
ar150
ar150-s_firmware
ar160
ar200_firmware
srg2300
ar3200_firmware
ar1200-s_firmware
ar120-s
ar1200
ar2200
netengine16ex_firmware
smc2.0
ar120-s_firmware
ar2200-s_firmware
srg2300_firmware
ar150-s
ar200-s
smc2.0_firmware
srg3300_firmware
ar1200-s
ar200
srg3300
ar160_firmware
srg1300
ar510_firmware
srg1300_firmware
ar200-s_firmware
ar510

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2017-8162

6.5^/10

4.0^/10

Attach tags to `CVE-2017-8162`