Vulnerability Details : CVE-2017-15348
Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V500R001C00, Secospace USG6600 V500R001C00, USG9500 V500R001C00 have an insufficient input validation vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset.
Vulnerability category: Input validation
Products affected by CVE-2017-15348
- cpe:2.3:o:huawei:nip6300_firmware:v500r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:usg9500_firmware:v500r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:nip6600_firmware:v500r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ips_module_firmware:v500r001c00:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-15348
0.25%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 65 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-15348
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2017-15348
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-15348
-
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-routers-en
Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei ProductsVendor Advisory
Jump to