CVE-2017-15344 — HIGH (7.5)

Vulnerability Description

Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. The software does not sufficiently validate certain field in SCTP messages, a remote unauthenticated attacker could send a crafted SCTP message to the device. Successful exploit could cause system reboot.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Ar120-S Firmware	v200r006c10
Huawei	Ar1200 Firmware	v200r007c01
Huawei	Ar3200 Firmware	v200r006c11
Huawei	Ar3200	-

Related Weaknesses (CWE)

CWE-190

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-02-sctp-enVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-02-sctp-enVendor Advisory

FAQ

What is CVE-2017-15344?

CVE-2017-15344 is a vulnerability with a CVSS score of 7.5 (HIGH). Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. The software does...

How severe is CVE-2017-15344?

CVE-2017-15344 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-15344?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Ar120-S Firmware, Huawei Ar1200 Firmware, Huawei Ar3200 Firmware, Huawei Ar3200.