CVE-2017-15348

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V500R001C00, Secospace USG6600 V500R001C00, USG9500 V500R001C00 have an insufficient input validation vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset.

Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V500R001C00, Secospace USG6600 V500R001C00 y USG9500 V500R001C00 tienen una vulnerabilidad de validación de entradas insuficiente. Un atacante remoto no autenticado podría enviar mensajes MPLS Echo Request específicos a los productos afectados. Dada la validación de entradas insuficiente de algunos parámetros en los mensajes, la explotación con éxito podría provocar que el dispositivo se reinicie.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-10-14 CVE Reserved
2018-02-15 CVE Published
2024-08-05 CVE Updated
2024-10-28 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-routers-en	2018-02-26

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Huawei Search vendor "Huawei"	Ips Module Firmware Search vendor "Huawei" for product "Ips Module Firmware"	v500r001c00 Search vendor "Huawei" for product "Ips Module Firmware" and version "v500r001c00"	-	Affected	in	Huawei Search vendor "Huawei"	Ips Module Search vendor "Huawei" for product "Ips Module"	-	-	Safe
Huawei Search vendor "Huawei"	Ngfw Module Firmware Search vendor "Huawei" for product "Ngfw Module Firmware"	v500r001c00 Search vendor "Huawei" for product "Ngfw Module Firmware" and version "v500r001c00"	-	Affected	in	Huawei Search vendor "Huawei"	Ngfw Module Search vendor "Huawei" for product "Ngfw Module"	-	-	Safe
Huawei Search vendor "Huawei"	Nip6300 Firmware Search vendor "Huawei" for product "Nip6300 Firmware"	v500r001c00 Search vendor "Huawei" for product "Nip6300 Firmware" and version "v500r001c00"	-	Affected	in	Huawei Search vendor "Huawei"	Nip6300 Search vendor "Huawei" for product "Nip6300"	-	-	Safe
Huawei Search vendor "Huawei"	Nip6600 Firmware Search vendor "Huawei" for product "Nip6600 Firmware"	v500r001c00 Search vendor "Huawei" for product "Nip6600 Firmware" and version "v500r001c00"	-	Affected	in	Huawei Search vendor "Huawei"	Nip6600 Search vendor "Huawei" for product "Nip6600"	-	-	Safe
Huawei Search vendor "Huawei"	Secospace Usg6300 Firmware Search vendor "Huawei" for product "Secospace Usg6300 Firmware"	v500r001c00 Search vendor "Huawei" for product "Secospace Usg6300 Firmware" and version "v500r001c00"	-	Affected	in	Huawei Search vendor "Huawei"	Secospace Usg6300 Search vendor "Huawei" for product "Secospace Usg6300"	-	-	Safe
Huawei Search vendor "Huawei"	Secospace Usg6600 Firmware Search vendor "Huawei" for product "Secospace Usg6600 Firmware"	v500r001c00 Search vendor "Huawei" for product "Secospace Usg6600 Firmware" and version "v500r001c00"	-	Affected	in	Huawei Search vendor "Huawei"	Secospace Usg6600 Search vendor "Huawei" for product "Secospace Usg6600"	-	-	Safe
Huawei Search vendor "Huawei"	Usg9500 Firmware Search vendor "Huawei" for product "Usg9500 Firmware"	v500r001c00 Search vendor "Huawei" for product "Usg9500 Firmware" and version "v500r001c00"	-	Affected	in	Huawei Search vendor "Huawei"	Usg9500 Search vendor "Huawei" for product "Usg9500"	-	-	Safe
Huawei Search vendor "Huawei"	Secospace Usg6500 Firmware Search vendor "Huawei" for product "Secospace Usg6500 Firmware"	v500r001c00 Search vendor "Huawei" for product "Secospace Usg6500 Firmware" and version "v500r001c00"	-	Affected	in	Huawei Search vendor "Huawei"	Secospace Usg6500 Search vendor "Huawei" for product "Secospace Usg6500"	-	-	Safe