CVE-2017-17162

Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG9500 V500R001C30SPC200, USG9500 V500R001C30SPC300 have a memory leak vulnerability due to memory don't be released when an local authenticated attacker execute special commands many times. An attacker could exploit it to cause memory leak, which may further lead to system exceptions.

Published: Feb 15, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-17162
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-772

Affected Software
References

Software	From	Fixed in
huawei / secospace_usg6600_firmware	500r001c30spc100	500r001c30spc100.x
huawei / secospace_usg6600_firmware	500r001c30spc200	500r001c30spc200.x
huawei / secospace_usg6600_firmware	500r001c30spc300	500r001c30spc300.x
huawei / usg9500_firmware	500r001c30spc100	500r001c30spc100.x
huawei / usg9500_firmware	500r001c30spc200	500r001c30spc200.x
huawei / usg9500_firmware	500r001c30spc300	500r001c30spc300.x

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-02-firewall-en

Vulnerability Database

289,697

CVE-2017-17162