Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Huawei Data Communication: Denial of Service Vulnerability on Several Products (huawei-sa-20171206-01-ssl)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
There is a denial of service vulnerability on several products.
Insight
Insight
There is a denial of service vulnerability on several products. The software does not correctly calculate the rest size in a buffer when handling SSL connections. A remote unauthenticated attacker could send a lot of crafted SSL messages to the device, successful exploit could cause no space in the buffer and then denial of service. (Vulnerability ID: HWPSIRT-2016-12099)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-15342.Huawei has released software updates to fix this vulnerability. This advisory is available in the linked references.
Affected Software
Affected Software
TE60 versions V600R006C00 TP3106 versions V100R002C00 eSpace U1981 versions V200R003C30SPC100
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
See the referenced vendor advisory for a solution.