CVE-2017-15349

moderate-risk
Published 2018-02-15

Huawei CloudEngine 12800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 5800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 6800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 7800 V100R003C00, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Resource ReServation Protocol (RSVP) packets to the affected products. Due to not release the memory to handle the packets, successful exploit will result in memory leak of the affected products and lead to a DoS condition.

Do I need to act?

-
0.17% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (16)

Cloudengine 5800 Firmware
Cloudengine 5800 Firmware
Cloudengine 5800 Firmware
Cloudengine 5800 Firmware

Affected Vendors

Huawei

References (2)

Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-router-...
Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-router-...
45
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 18/34 · Moderate