5.5
CVE-2017-17162
- EPSS 0.02%
- Published 15.02.2018 16:29:02
- Last modified 21.11.2024 03:17:36
- Source psirt@huawei.com
- Teams watchlist Login
- Open Login
Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG9500 V500R001C30SPC200, USG9500 V500R001C30SPC300 have a memory leak vulnerability due to memory don't be released when an local authenticated attacker execute special commands many times. An attacker could exploit it to cause memory leak, which may further lead to system exceptions.
Data is provided by the National Vulnerability Database (NVD)
Huawei ≫ Secospace Usg6600 Firmware Versionv500r001c30spc100
Huawei ≫ Secospace Usg6600 Firmware Versionv500r001c30spc200
Huawei ≫ Secospace Usg6600 Firmware Versionv500r001c30spc300
Huawei ≫ Usg9500 Firmware Versionv500r001c30spc100
Huawei ≫ Usg9500 Firmware Versionv500r001c30spc200
Huawei ≫ Usg9500 Firmware Versionv500r001c30spc300
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.031 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:P
|
CWE-772 Missing Release of Resource after Effective Lifetime
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.