CVE-2017-15315 — MEDIUM (6.5)

Vulnerability Description

Patch module of Huawei NIP6300 V500R001C20SPC100, V500R001C20SPC200, NIP6600 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6300 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6500 V500R001C20SPC100, V500R001C20SPC200 has a memory leak vulnerability. An authenticated attacker could execute special commands many times, the memory leaking happened, which would cause the device to reset finally.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Nip6300 Firmware	v500r001c20spc100
Huawei	Nip6300	-
Huawei	Nip6600 Firmware	v500r001c20spc100
Huawei	Nip6600	-
Huawei	Secospace Usg6300 Firmware	v500r001c20spc100
Huawei	Secospace Usg6300	-
Huawei	Secospace Usg6500 Firmware	v500r001c20spc100
Huawei	Secospace Usg6500	-

Related Weaknesses (CWE)

CWE-772

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-commandVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-commandVendor Advisory

FAQ

What is CVE-2017-15315?

CVE-2017-15315 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Patch module of Huawei NIP6300 V500R001C20SPC100, V500R001C20SPC200, NIP6600 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6300 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6500 V500R001C20...

How severe is CVE-2017-15315?

CVE-2017-15315 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-15315?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Nip6300 Firmware, Huawei Nip6300, Huawei Nip6600 Firmware, Huawei Nip6600, Huawei Secospace Usg6300 Firmware.