CVE-2017-15343

CWE-190Integer Overflow3 documents3 sources
Severity
7.5HIGH
EPSS
0.3%
top 49.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Huawei Technologies Co., Ltd. Ar3200Huawei Ar120-s FirmwareHuawei Ar1200 Firmware+1 more
Timeline
PublishedFeb 15
Latest updateMay 14

Description

Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. The software does not sufficiently validate certain field in SCTP messages, a remote unauthenticated attacker could send a crafted SCTP message to the device. Successful exploit could system reboot.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

NVDhuawei/ar3200_firmwarev200r006c11, v200r008c00, v200r008c10+2
CVEListV5huawei_technologies_co.,_ltd./ar3200V200R006C10,V200R006C11,V200R007C00,V200R007C01,V200R007C02,V200R008C00,V200R008C10,V200R008C20,V200R008C30
NVDhuawei/ar1200_firmwarev200r007c01, v200r007c02+1
NVDhuawei/ar120-s_firmware4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-qmxm-gf38-hm47: Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an2022-05-14
CVEList
CVE-2017-15343: Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an2018-02-15
CVE-2017-15343 (HIGH CVSS 7.5) | Huawei AR3200 with software V200R00 | cvebase.io