CVE-2017-15344

Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. The software does not sufficiently validate certain field in SCTP messages, a remote unauthenticated attacker could send a crafted SCTP message to the device. Successful exploit could cause system reboot.

Published: Feb 15, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-15344
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

CWEs:

CWE-190

Affected Software
References

Software	From	Fixed in
huawei / ar120-s_firmware	200r006c10	200r006c10.x
huawei / ar120-s_firmware	200r007c00	200r007c00.x
huawei / ar120-s_firmware	200r008c20	200r008c20.x
huawei / ar120-s_firmware	200r008c30	200r008c30.x
huawei / ar1200_firmware	200r007c01	200r007c01.x
huawei / ar1200_firmware	200r007c02	200r007c02.x
huawei / ar3200_firmware	200r006c11	200r006c11.x
huawei / ar3200_firmware	200r008c00	200r008c00.x
huawei / ar3200_firmware	200r008c10	200r008c10.x

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-02-sctp-en

Vulnerability Database

289,697

CVE-2017-15344