Huawei Data Communication: Memory Leak Vulnerability in Several Huawei Products (huawei-sa-20171213-05-xml)
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
There is a memory leak vulnerability in several Huawei products.
Insight
There is a memory leak vulnerability in several Huawei products. The software does not release allocated memory properly when parsing XML element data. An authenticated attacker could upload a crafted XML file; a successful exploit could cause the system service to become abnormal because it runs out of memory. (Vulnerability ID: HWPSIRT-2016-08074) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-17330. Huawei has released software updates to fix this vulnerability. This advisory is available in the linked references.
Affected Software
IPS Module versions: V500R001C00B079 V500R001C00SPC200B085 V500R001C00SPC300B092 V500R001C00SPC500B098 V500R001C00SPC500B099 V500R001C00SPH303B001 V500R001C00SPH508B002 V500R001C20B031 V500R001C20SPC100B052 V500R001C20SPC100PWE V500R001C20SPC200B062 V500R001C20SPC200B063 V500R001C20SPC200PWE V500R001C30B027 V500R001C30B037
NGFW Module versions: V500R002C00 V500R002C00B027
NIP6300 versions: V500R001C00B079 V500R001C00SPC200B085 V500R001C00SPC300B092 V500R001C00SPC500B098 V500R001C00SPC500B099 V500R001C00SPH303B001 V500R001C00SPH508B002 V500R001C20B031 V500R001C20SPC100B052 V500R001C20SPC100PWE V500R001C20SPC200B062 V500R001C20SPC200B063 V500R001C20SPC200PWE V500R001C30B027 V500R001C30B037
NIP6600 versions: V500R001C00B079 V500R001C00SPC200B085 V500R001C00SPC300B092 V500R001C00SPC500B098 V500R001C00SPC500B099 V500R001C00SPH303B001 V500R001C00SPH508B002 V500R001C20B031 V500R001C20SPC100B052 V500R001C20SPC100PWE V500R001C20SPC200B062 V500R001C20SPC200B063 V500R001C20SPC200PWE V500R001C30B027 V500R001C30B037
Secospace USG6300 versions: V500R001C00B079 V500R001C00SPC200B085 V500R001C00SPC300B092 V500R001C00SPC500B098 V500R001C00SPC500B099 V500R001C00SPC500PWE V500R001C00SPH303B001 V500R001C00SPH508B002 V500R001C20B031 V500R001C20SPC100B052 V500R001C20SPC100PWE V500R001C20SPC101B053 V500R001C20SPC200B062 V500R001C20SPC200B063 V500R001C20SPC200PWE V500R001C30B027 V500R001C30B037
Secospace USG6500 versions: V500R001C00B079 V500R001C00SPC200B085 V500R001C00SPC300B092 V500R001C00SPC500B098 V500R001C00SPC500B099 V500R001C00SPC500PWE V500R001C00SPH303B001 V500R001C00SPH508B002 V500R001C20B031 V500R001C20SPC100B052 V500R001C20SPC100PWE V500R001C20SPC200B062 V500R001C20SPC200B063 V500R001C20SPC200PWE V500R001C30B027 V500R001C30B037
Secospace USG6600 versions: V500R001C00B063 V500R001C00B079 V500R001C00SPC100B080 V500R001C00SPC200B081 V500R001C00SPC200B082 V500R001C00SPC200B083 V500R001C00SPC200B085 V500R001C00SPC200B086 V500R001C00SPC300B087 V500R001C00SPC300B092 V500R001C00SPC301B950 V500R001C00SPC500B093 V500R001C00SPC500B098 V500R001C00SPC500B099 V500R001C00SPH303B001 V500R001C20B031 V500R001C20SPC100B051 V500R001C20SPC100B052 V500R001C20SPC101B053 V500R001C20SPC200B062 V500R001C20SPC200B063 V500R001C30B027
USG9500 versions: V500R001C00B079 V500R001C00SPC200B085 V500R001C00SPC300B092 V500R001C00SPC303B002 V500R001C00SPC303B003 V500R001C00SPC500B098 V500R001C00SPC500B099 V500R001C00SPC500PWE V500R001C00SPC520T V500R001C00SPH303B001 V500R001C00SPH331T V500R001C00SPH508B002 V500R001C20B031 V500R001C20SPC100B052 V500R001C20SPC100PWE V500R001C20SPC101B053 V500R001C20SPC200B062 V500R001C20SPC200B063 V500R001C20SPC200PWE V500R001C20SPC205T V500R001C30B027 V500R001C30B037
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
See the referenced vendor advisory for a solution.