CVE-2017-17141 — LOW (3.7) — White Hats Nepal

Vulnerability Description

Huawei S12700 V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R007C20; V200R008C00; V200R009C00;S1700 V200R006C10; V200R009C00;S2700 V100R006C03; V200R003C00; V200R005C00; V200R006C00; V200R006C10; V200R007C00; V200R007C00B050; V200R007C00SPC009T; V200R007C00SPC019T; V200R008C00; V200R009C00;S3700 V100R006C03;S5700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R003C02; V200R005C00; V200R005C01; V200R005C02; V200R005C03; V200R006C00; V200R007C00; V200R008C00; V200R009C00;S6700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R005C01; V200R005C02; V200R008C00; V200R009C00;S7700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R006C01; V200R007C00; V200R007C01; V200R008C00; V200R008C06; V200R009C00;S9700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R008C00; V200R009C00 have a memory leak vulnerability. In some specific conditions, if attackers send specific malformed MPLS Service PING messages to the affected products, products do not release the memory when handling the packets. So successful exploit will result in memory leak of the affected products.

CVSS Score

3.7

LOW

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Huawei	S12700 Firmware	v200r005c00
Huawei	S12700	-
Huawei	S1700 Firmware	v200r006c10
Huawei	S1700	-
Huawei	S2700 Firmware	v100r006c03
Huawei	S2700	-
Huawei	S3700 Firmware	v100r006c03
Huawei	S3700	-
Huawei	S5700 Firmware	v200r001c00
Huawei	S5700	-
Huawei	S6700 Firmware	v200r001c00
Huawei	S6700	-
Huawei	S7700 Firmware	v200r001c00
Huawei	S7700	-
Huawei	S9700 Firmware	v200r001c00
Huawei	S9700	-

Related Weaknesses (CWE)

CWE-772

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-mpls-enVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-mpls-enVendor Advisory

FAQ

What is CVE-2017-17141?

CVE-2017-17141 is a vulnerability with a CVSS score of 3.7 (LOW). Huawei S12700 V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R007C20; V200R008C00; V200R009C00;S1700 V200R006C10; V200R009C00;S2700 V100R006C03; V200R003C00; V200R005C00; V200R006C00; V200R00...

How severe is CVE-2017-17141?

CVE-2017-17141 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-17141?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei S12700 Firmware, Huawei S12700, Huawei S1700 Firmware, Huawei S1700, Huawei S2700 Firmware.