CVE-2017-17163 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Technologies CO LTD Secospace Usg6600

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 94.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Technologies CO LTD Secospace Usg6600 Huawei Secospace Usg6600 Firmware

Timeline

PublishedFeb 15

Latest updateMay 14

Description

Huawei Secospace USG6600 V500R001C30SPC100 has an Out-of-Bounds memory access vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by executing some commands. The attacker can exploit this vulnerability to cause a denial of service.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDhuawei/secospace_usg6600_firmwarev500r001c30spc100

▶CVEListV5huawei_technologies_co_ltd/secospace_usg6600V500R001C30SPC100

🔴Vulnerability Details

GHSA

GHSA-59rw-768x-rhf2: Huawei Secospace USG6600 V500R001C30SPC100 has an Out-of-Bounds memory access vulnerability due to insufficient verification↗2022-05-14

▶

CVEList

CVE-2017-17163: Huawei Secospace USG6600 V500R001C30SPC100 has an Out-of-Bounds memory access vulnerability due to insufficient verification↗2018-02-15

▶