CVE-2017-17151
high-risk
Published 2018-02-15
Huawei AR100, AR100-S, AR110-S, AR120, AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR510, DP300, NetEngine16EX, RP200, SRG1300, SRG2300, SRG3300, TE30, TE40, TE50, TE60, TP3106, TP3206, ViewPoint 8660, and ViewPoint 9030 have an insufficient validation vulnerability. Since packet validation is insufficient, an unauthenticated attacker may send special H323 packets to exploit the vulnerability. Successful exploit could allow the attacker to send malicious packets and result in DOS attacks.
Do I need to act?
-
0.13% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.9/10
Medium
NETWORK
/ HIGH complexity
Affected Products (20)
Ar100 Firmware
Ar100 Firmware
Ar100 Firmware
Ar100 Firmware
Ar100 Firmware
Ar100-S Firmware
Ar100-S Firmware
Ar100-S Firmware
Ar100-S Firmware
Ar100-S Firmware
Ar100-S Firmware
Ar100-S Firmware
Ar110-S Firmware
Ar110-S Firmware
Ar110-S Firmware
Ar110-S Firmware
Ar110-S Firmware
Ar120 Firmware
Ar120 Firmware
Ar120 Firmware
Affected Vendors
References (2)
52
/ 100
high-risk
Severity
18/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
33/34 · Critical