Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Huawei Data Communication: Multiple Security Vulnerabilities in the IKEv2 Protocol Implementation of Huawei Products (huawei-sa-20171220-01-ikev2)

Information

Severity

Severity

Medium

Family

Family

Huawei

CVSSv2 Base

CVSSv2 Base

5.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

3 years ago

Modified

Modified

3 years ago

Summary

IKEv2 has an out-of-bounds write vulnerability due to insufficient input validation.

Insight

Insight

IKEv2 has an out-of-bounds write vulnerability due to insufficient input validation. An attacker could exploit it to craft special packets to trigger out-of-bounds memory write, which may further lead to system exceptions. (Vulnerability ID: HWPSIRT-2017-03101)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-17152.IKEv2 has a memory leak vulnerability due to memory release failure resulted from insufficient input validation. An attacker could exploit it to cause memory leak, which may further lead to system exceptions. (Vulnerability ID: HWPSIRT-2017-03102)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-17153.IKEv2 has a DoS vulnerability due to insufficient input validation. An attacker could exploit it to cause unauthorized memory access, which may further lead to system exceptions. (Vulnerability ID: HWPSIRT-2017-03103)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-17154.IKEv2 has an out-of-bounds memory access vulnerability due to incompliance with the 4-byte alignment requirement imposed by the MIPS CPU. An attacker could exploit it to cause unauthorized memory access, which may further lead to system exceptions. (Vulnerability ID: HWPSIRT-2017-03110)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-17155.IKEv2 has an out-of-bounds memory access vulnerability due to insufficient input validation. An attacker could exploit it to craft special packets to trigger out-of-bounds memory access, which may further lead to system exceptions. (Vulnerability ID: HWPSIRT-2017-03111)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-17156.IKEv2 has an out-of-bounds memory access vulnerability due to insufficient input validation. An attacker could exploit it to craft special packets to trigger out-of-bounds memory access, which may further lead to system exceptions. (Vulnerability ID: HWPSIRT-2017-03112)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-17157.Huawei has released software updates to fix these vulnerabilities. This advisory is available in the linked references.

Affected Software

Affected Software

DBS3900 TDD LTE versions V100R003C00 V100R004C10 IPS Module versions V500R001C00 V500R001C00SPC200 V500R001C00SPC300 V500R001C00SPC500 V500R001C00SPH303 V500R001C00SPH508 V500R001C20 V500R001C20SPC100 V500R001C20SPC100PWE V500R001C20SPC200 V500R001C20SPC200B062 V500R001C20SPC200PWE V500R001C20SPC300B078 V500R001C20SPC300PWE NGFW Module versions V500R001C00 V500R001C00SPC200 V500R001C00SPC300 V500R001C00SPC500 V500R001C00SPC500PWE V500R001C00SPH303 V500R001C00SPH508 V500R001C20 V500R001C20SPC100 V500R001C20SPC100PWE V500R001C20SPC200 V500R001C20SPC200B062 V500R001C20SPC200PWE V500R001C20SPC300B078 V500R001C20SPC300PWE NIP6300 versions V500R001C00 V500R001C00SPC200 V500R001C00SPC300 V500R001C00SPC500 V500R001C00SPH303 V500R001C00SPH508 V500R001C20 V500R001C20SPC100 V500R001C20SPC100PWE V500R001C20SPC200 V500R001C20SPC200B062 V500R001C20SPC200PWE V500R001C20SPC300B078 V500R001C20SPC300PWE NIP6600 versions V500R001C00 V500R001C00SPC200 V500R001C00SPC300 V500R001C00SPC500 V500R001C00SPH303 V500R001C00SPH508 V500R001C20 V500R001C20SPC100 V500R001C20SPC100PWE V500R001C20SPC200 V500R001C20SPC200B062 V500R001C20SPC200PWE V500R001C20SPC300B078 Secospace USG6300 versions V500R001C00 V500R001C00SPC200 V500R001C00SPC300 V500R001C00SPC500 V500R001C00SPC500PWE V500R001C00SPH303 V500R001C00SPH508 V500R001C20 V500R001C20SPC100 V500R001C20SPC100PWE V500R001C20SPC101 V500R001C20SPC200 V500R001C20SPC200B062 V500R001C20SPC200PWE V500R001C20SPC300B078 V500R001C20SPC300PWE Secospace USG6500 versions V500R001C00 V500R001C00SPC200 V500R001C00SPC300 V500R001C00SPC500 V500R001C00SPC500PWE V500R001C00SPH303 V500R001C00SPH508 V500R001C20 V500R001C20SPC100 V500R001C20SPC100PWE V500R001C20SPC101 V500R001C20SPC200 V500R001C20SPC200B062 V500R001C20SPC200PWE V500R001C20SPC300B078 V500R001C20SPC300PWE Secospace USG6600 versions V500R001C00 V500R001C00SPC100 V500R001C00SPC200 V500R001C00SPC300 V500R001C00SPC301 V500R001C00SPC500 V500R001C00SPC500PWE V500R001C00SPH303 V500R001C20 V500R001C20SPC100 V500R001C20SPC100PWE V500R001C20SPC101 V500R001C20SPC200 V500R001C20SPC200PWE V500R001C20SPC300 V500R001C20SPC300B078 V500R001C20SPC300PWE USG9500 versions V500R001C00 V500R001C20

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

See the referenced vendor advisory for a solution.