CVE-2017-15319 — Out-of-bounds Read in Technologies CO LTD Rp200

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 56.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Technologies CO LTD Rp200 Huawei Technologies CO LTD Te30 Huawei Technologies CO LTD Te40 +7 more

Timeline

PublishedDec 22

Latest updateMay 14

Description

RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages10 packages

▶NVDhuawei/te30_firmwarev100r001c10, v500r002c00, v600r006c00+2

▶NVDhuawei/te40_firmwarev500r002c00, v600r006c00+1

▶NVDhuawei/te50_firmwarev500r002c00, v600r006c00+1

▶NVDhuawei/te60_firmwarev100r001c10, v500r002c00, v600r006c00+2

▶NVDhuawei/rp200_firmwarev500r002c00, v600r006c00+1

🔴Vulnerability Details

GHSA

GHSA-fx56-x2jr-24g7: RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R00↗2022-05-14

▶

CVEList

CVE-2017-15319: RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R00↗2017-12-22

▶