Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huaweiHuawei TechnologiesHUAWEI-SA-20170927-01-H323
HistorySep 27, 2017 - 12:00 a.m.

Security Advisory - Several Vulnerabilities in H323 protocol of Huawei Products

2017-09-2700:00:00
Huawei Technologies
www.huawei.com
23

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.4%

JSON

There are two out-of-bounds read vulnerabilities in H323 protocol of Huawei products. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause process reboot. (Vulnerability ID: HWPSIRT-2017-04136 and HWPSIRT-2017-04224)

These vulnerabilities have been assigned Common Vulnerabilities and Exposures (CVE) IDs: CVE-2017-8199 and CVE-2017-8200.

There is a memory leak vulnerability in H323 protocol of Huawei products. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit could cause a memory leak and eventual denial of service (DoS) condition. (Vulnerability ID: HWPSIRT-2017-04225)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-8201.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-h323-en

Affected configurations

Vulners
Node
huaweimax_presence_firmwareMatchv100r001c00
OR
huaweitp3106_firmwareMatchv100r002c00
OR
huaweitp3206_firmwareMatchv100r002c00
VendorProductVersionCPE
huaweimax_presence_firmwarev100r001c00cpe:2.3:o:huawei:max_presence_firmware:v100r001c00:*:*:*:*:*:*:*
huaweitp3106_firmwarev100r002c00cpe:2.3:o:huawei:tp3106_firmware:v100r002c00:*:*:*:*:*:*:*
huaweitp3206_firmwarev100r002c00cpe:2.3:o:huawei:tp3206_firmware:v100r002c00:*:*:*:*:*:*:*

Related

cvelist 3
nvd 3
prion 3
cve 3
cvelist
cvelist
CVE-2017-8199
2017-11-22 19:00:00
CVE-2017-8200
2017-11-22 19:00:00
CVE-2017-8201
2017-11-22 19:00:00
nvd
nvd
CVE-2017-8199
2017-11-22 19:29:04
CVE-2017-8200
2017-11-22 19:29:05
CVE-2017-8201
2017-11-22 19:29:05
prion
prion
Out-of-bounds
2017-11-22 19:29:00
Out-of-bounds
2017-11-22 19:29:00
Memory corruption
2017-11-22 19:29:00
cve
cve
CVE-2017-8199
2017-11-22 19:29:04
CVE-2017-8200
2017-11-22 19:29:05
CVE-2017-8201
2017-11-22 19:29:05

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.4%

JSON
Related for HUAWEI-SA-20170927-01-H323
cvelist3nvd3prion3cve3