CVE-2017-8201

Severity Score

6.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an a memory leak vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit could cause a memory leak and eventual denial of service (DoS) condition.

MAX PRESENCE V100R001C00, TP3106 V100R002C00 y TP3206 V100R002C00 tiene una vulnerabilidad de fuga de memoria en el protocolo H323. Un atacante podría iniciar sesión en el sistema como un usuario y enviar paquetes manipulados a los productos afectados. Dado la verificación insuficiente de los paquetes, una explotación exitosa podría provocar una fuga de memoria y acabar con una denegación de servicio (DoS).

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-04-25 CVE Reserved
2017-11-22 CVE Published
2023-10-02 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-772: Missing Release of Resource after Effective Lifetime

CAPEC

References (2)

URL	Tag	Source
http://www.securityfocus.com/bid/101952	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-h323-en	2019-10-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Huawei Search vendor "Huawei"	Max Presence Firmware Search vendor "Huawei" for product "Max Presence Firmware"	v100r001c00 Search vendor "Huawei" for product "Max Presence Firmware" and version "v100r001c00"	-	Affected	in	Huawei Search vendor "Huawei"	Max Presence Search vendor "Huawei" for product "Max Presence"	-	-	Safe
Huawei Search vendor "Huawei"	Tp3106 Firmware Search vendor "Huawei" for product "Tp3106 Firmware"	v100r002c00 Search vendor "Huawei" for product "Tp3106 Firmware" and version "v100r002c00"	-	Affected	in	Huawei Search vendor "Huawei"	Tp3106 Search vendor "Huawei" for product "Tp3106"	-	-	Safe
Huawei Search vendor "Huawei"	Tp3206 Firmware Search vendor "Huawei" for product "Tp3206 Firmware"	v100r002c00 Search vendor "Huawei" for product "Tp3206 Firmware" and version "v100r002c00"	-	Affected	in	Huawei Search vendor "Huawei"	Tp3206 Search vendor "Huawei" for product "Tp3206"	-	-	Safe