CVE-2017-8201 — MEDIUM (6.5)

Vulnerability Description

MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an a memory leak vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit could cause a memory leak and eventual denial of service (DoS) condition.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Max Presence Firmware	v100r001c00
Huawei	Max Presence	-
Huawei	Tp3106 Firmware	v100r002c00
Huawei	Tp3106	-
Huawei	Tp3206 Firmware	v100r002c00
Huawei	Tp3206	-

Related Weaknesses (CWE)

CWE-772

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-h323-enVendor Advisory
http://www.securityfocus.com/bid/101952Third Party AdvisoryVDB Entry
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-h323-enVendor Advisory
http://www.securityfocus.com/bid/101952Third Party AdvisoryVDB Entry

FAQ

What is CVE-2017-8201?

CVE-2017-8201 is a vulnerability with a CVSS score of 6.5 (MEDIUM). MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an a memory leak vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affec...

How severe is CVE-2017-8201?

CVE-2017-8201 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-8201?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Max Presence Firmware, Huawei Max Presence, Huawei Tp3106 Firmware, Huawei Tp3106, Huawei Tp3206 Firmware.