CVE-2017-8199

MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause process reboot.

Published: Nov 22, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-8199
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:N/A:P

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
huawei / max_presence_firmware	100r001c00	100r001c00.x
huawei / tp3106_firmware	100r002c00	100r002c00.x
huawei / tp3206_firmware	100r002c00	100r002c00.x

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-h323-en
http://www.securityfocus.com/bid/101951

Vulnerability Database

289,599

CVE-2017-8199