CVE-2017-15348

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.5HIGH

EPSS

0.1%

top 64.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei IPS Module Firmware Huawei Ngfw Module Firmware Huawei Nip6300 Firmware +5 more

Timeline

PublishedFeb 15

Latest updateMay 14

Description

Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V500R001C00, Secospace USG6600 V500R001C00, USG9500 V500R001C00 have an insufficient input validation vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages8 packages

▶NVDhuawei/secospace_usg6300_firmwarev500r001c00

▶NVDhuawei/secospace_usg6500_firmwarev500r001c00

▶NVDhuawei/secospace_usg6600_firmwarev500r001c00

▶NVDhuawei/ngfw_module_firmwarev500r001c00

▶NVDhuawei/ips_module_firmwarev500r001c00

🔴Vulnerability Details

GHSA

GHSA-q9cq-gqq7-99gq: Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V50↗2022-05-14

▶

CVEList

CVE-2017-15348: Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V50↗2018-02-15

▶