Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Huawei Data Communication: Several Vulnerabilities in H323 Protocol of Huawei Products (huawei-sa-20171227-01-h323)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Huawei Switches are prone to multiple vulnerabilities.
Insight
Insight
The vulnerabilities exist due to: - Null pointer dereference - Out-of-Bounds read - Memory Leak - Resource Management vulnerability An attacker could send malformed packages to exploit these vulnerabilities.
Affected Software
Affected Software
The following products and firmware versions are affected: - AR120-S / AR1200-S / AR200-S / AR2200-S / SRG3300: V200R006C10, V200R007C00, V200R008C20, V200R008C30 - SRG1300 / SRG2300: V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30 - AR150-S: V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30 - AR200: V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30 - AR1200: V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30 - AR150: V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30 - AR160: V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30 - AR2200: V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30 - AR3200: V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 - AR3600: V200R006C10, V200R007C00, V200R007C01, V200R008C20 - AR510: V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30 - DP300: V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50 - NGFW Module: V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10 - NIP6300 / NIP6600: V500R001C00, V500R001C20, V500R001C30, V500R001C50 - NIP6800: V500R001C50 - NetEngine16EX: V200R006C10, V200R007C00, V200R008C20, V200R008C30 - RSE6500 V500R002C00 - SVN5600 / SVN5800 / SVN5800-C: V200R003C00, V200R003C10 - SeMG9811 V300R001C01 - Secospace USG6300 / Secospace USG6500: V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50 - Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60 - TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00 - TE40 / TE50: V500R002C00, V600R006C00 - TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00 - TP3106 V100R002C00 - TP3206 V100R002C00, V100R002C10 - USG6000V V500R001C20 - USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50 - USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20 - USG9580 V300R001C01, V300R001C20 - VP9660 V500R002C00, V500R002C10 - ViewPoint 8660 V100R008C03 - ViewPoint 9030 V100R011C02
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
The following device/firmware combinations contain a fix: - AR120-S / AR1200 / AR1200-S / AR150 / AR150-S / AR160 / AR200 / AR200-S / AR2200 / AR2200-S / AR3200 / AR3600 / AR510 / NetEngine16EX / SRG1300 / SRG2300 / SRG3300 : V200R009C00 - DP300 / RSE6500: V500R002C00SPCb00 - IPS Module / NGFW Module / NIP6300 / NIP6600 / NIP6800: V500R001C60SPC500 - SVN5600 / SVN5800 / SVN5800-C: V200R003C10SPCa00 - SeMG9811: V500R002C20SPC500 - Secospace USG6300 / Secospace USG6500 / Secospace USG6600: V500R001C60SPC500 - TE30 / TE40 / TE50 / TE60: V600R006C00SPC500 - TP3106: V100R002C00 - TP3206: V100R002C00SPC800 - USG6000V: V500R003C00 - USG9500 / USG9520 / USG9560 / USG9580: V500R001C60SPC500 - VP9660: V500R002C10SPCb00 - ViewPoint 8660: V100R008C03SPCe00 - ViewPoint 9030: V100R011C03SPC900