CVE-2017-17160 — MEDIUM (5.9)

Vulnerability Description

Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S V200R006C10, V200R007C00, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C02, AR200 V200R006C10, V200R007C00, AR200-S V200R006C10, V200R007C00, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C02, AR2200-S V200R006C10, V200R007C00, V200R008C20, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C02, AR3600 V200R006C10, V200R007C00, AR510 V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, NetEngine16EX V200R006C10, V200R007C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, SRG2300 V200R006C10, V200R007C00, V200R007C02, SRG3300 V200R006C10, V200R007C00 have a buffer overflow vulnerability due to incomplete range checks of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious IKE packets to the targeted device. An exploit could allow the attacker to cause the device to write out of bound and restart.

CVSS Score

5.9

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Ar120-S Firmware	v200r006c10
Huawei	Ar120-S	-
Huawei	Ar1200 Firmware	v200r006c10
Huawei	Ar1200	-
Huawei	Ar1200-S Firmware	v200r006c10
Huawei	Ar1200-S	-
Huawei	Ar150 Firmware	v200r006c10
Huawei	Ar150	-
Huawei	Ar150-S Firmware	v200r006c10
Huawei	Ar150-S	-
Huawei	Ar160 Firmware	v200r006c10
Huawei	Ar160	-
Huawei	Ar200 Firmware	v200r006c10
Huawei	Ar200	-
Huawei	Ar200-S Firmware	v200r006c10
Huawei	Ar200-S	-
Huawei	Ar2200 Firmware	v200r006c10
Huawei	Ar2200	-
Huawei	Ar2200-S Firmware	v200r006c10
Huawei	Ar2200-S	-

Related Weaknesses (CWE)

CWE-787

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-01-ike-enVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-01-ike-enVendor Advisory

FAQ

What is CVE-2017-17160?

CVE-2017-17160 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S...

How severe is CVE-2017-17160?

CVE-2017-17160 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-17160?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Ar120-S Firmware, Huawei Ar120-S, Huawei Ar1200 Firmware, Huawei Ar1200, Huawei Ar1200-S Firmware.