CVE-2017-8199 — MEDIUM (6.5)

Vulnerability Description

MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause process reboot.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Max Presence Firmware	v100r001c00
Huawei	Max Presence	-
Huawei	Tp3106 Firmware	v100r002c00
Huawei	Tp3106	-
Huawei	Tp3206 Firmware	v100r002c00
Huawei	Tp3206	-

Related Weaknesses (CWE)

CWE-125

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-h323-enVendor Advisory
http://www.securityfocus.com/bid/101951Third Party AdvisoryVDB Entry
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-h323-enVendor Advisory
http://www.securityfocus.com/bid/101951Third Party AdvisoryVDB Entry

FAQ

What is CVE-2017-8199?

CVE-2017-8199 is a vulnerability with a CVSS score of 6.5 (MEDIUM). MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the ...

How severe is CVE-2017-8199?

CVE-2017-8199 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-8199?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Max Presence Firmware, Huawei Max Presence, Huawei Tp3106 Firmware, Huawei Tp3106, Huawei Tp3206 Firmware.