CVE-2017-17162Missing Release of Resource after Effective Lifetime in Huawei Secospace Usg6600 Firmware

CWE-772Missing Release of Resource after Effective Lifetime3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 94.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei Secospace Usg6600 FirmwareHuawei Usg9500 Firmware
Timeline
PublishedFeb 15
Latest updateMay 13

Description

Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG9500 V500R001C30SPC200, USG9500 V500R001C30SPC300 have a memory leak vulnerability due to memory don't be released when an local authenticated attacker execute special commands many times. An attacker could exploit it to cause memory leak, which may further lead to system exceptions.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDhuawei/secospace_usg6600_firmwarev500r001c30spc100, v500r001c30spc200, v500r001c30spc300+2
NVDhuawei/usg9500_firmwarev500r001c30spc100, v500r001c30spc200, v500r001c30spc300+2

🔴Vulnerability Details

2
GHSA
GHSA-g5jm-qrqq-cw8j: Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG952022-05-13
CVEList
CVE-2017-17162: Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG952018-02-15
CVE-2017-17162 — Huawei vulnerability | cvebase