7.5

CVE-2017-17299

Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S V200R006C10, V200R007C00, AR160 V200R006C10, V200R006C12, V200R007C00S, V200R007C02, AR200 V200R006C10, V200R007C00, AR200-S V200R006C10, V200R007C00, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C02, AR2200-S V200R006C10, V200R007C00, V200R008C20, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C02, AR3600 V200R006C10, V200R007C00, AR510 V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, IPS Module V500R001C30, NIP6300 V500R001C30, NetEngine16EX V200R006C10, V200R007C00 have an insufficient input validation vulnerability. An unauthenticated, remote attacker may send crafted IKE V2 messages to the affected products. Due to the insufficient validation of the messages, successful exploit will cause invalid memory access and result in a denial of service on the affected products.

Data is provided by the National Vulnerability Database (NVD)
HuaweiAr120-s Firmware Versionv200r006c10
   HuaweiAr120-s Version-
HuaweiAr120-s Firmware Versionv200r007c00
   HuaweiAr120-s Version-
HuaweiAr1200 Firmware Versionv200r006c10
   HuaweiAr1200 Version-
HuaweiAr1200 Firmware Versionv200r006c13
   HuaweiAr1200 Version-
HuaweiAr1200 Firmware Versionv200r007c00
   HuaweiAr1200 Version-
HuaweiAr1200 Firmware Versionv200r007c02
   HuaweiAr1200 Version-
HuaweiAr1200-s Firmware Versionv200r006c10
   HuaweiAr1200-s Version-
HuaweiAr1200-s Firmware Versionv200r007c00
   HuaweiAr1200-s Version-
HuaweiAr1200-s Firmware Versionv200r008c20
   HuaweiAr1200-s Version-
HuaweiAr150 Firmware Versionv200r006c10
   HuaweiAr150 Version-
HuaweiAr150 Firmware Versionv200r007c00
   HuaweiAr150 Version-
HuaweiAr150 Firmware Versionv200r007c02
   HuaweiAr150 Version-
HuaweiAr150-s Firmware Versionv200r006c10
   HuaweiAr150-s Version-
HuaweiAr150-s Firmware Versionv200r007c00
   HuaweiAr150-s Version-
HuaweiAr160 Firmware Versionv200r006c10
   HuaweiAr160 Version-
HuaweiAr160 Firmware Versionv200r006c12
   HuaweiAr160 Version-
HuaweiAr160 Firmware Versionv200r007c00s
   HuaweiAr160 Version-
HuaweiAr160 Firmware Versionv200r007c02
   HuaweiAr160 Version-
HuaweiAr200 Firmware Versionv200r006c10
   HuaweiAr200 Version-
HuaweiAr200 Firmware Versionv200r007c00
   HuaweiAr200 Version-
HuaweiAr200-s Firmware Versionv200r006c10
   HuaweiAr200-s Version-
HuaweiAr200-s Firmware Versionv200r007c00
   HuaweiAr200-s Version-
HuaweiAr2200 Firmware Versionv200r006c10
   HuaweiAr2200 Version-
HuaweiAr2200 Firmware Versionv200r006c13
   HuaweiAr2200 Version-
HuaweiAr2200 Firmware Versionv200r006c16
   HuaweiAr2200 Version-
HuaweiAr2200 Firmware Versionv200r007c00
   HuaweiAr2200 Version-
HuaweiAr2200 Firmware Versionv200r007c02
   HuaweiAr2200 Version-
HuaweiAr2200-s Firmware Versionv200r006c10
   HuaweiAr2200-s Version-
HuaweiAr2200-s Firmware Versionv200r007c00
   HuaweiAr2200-s Version-
HuaweiAr2200-s Firmware Versionv200r008c20
   HuaweiAr2200-s Version-
HuaweiAr3200 Firmware Versionv200r006c10
   HuaweiAr3200 Version-
HuaweiAr3200 Firmware Versionv200r006c11
   HuaweiAr3200 Version-
HuaweiAr3200 Firmware Versionv200r007c00
   HuaweiAr3200 Version-
HuaweiAr3200 Firmware Versionv200r007c02
   HuaweiAr3200 Version-
HuaweiAr3600 Firmware Versionv200r006c10
   HuaweiAr3600 Version-
HuaweiAr3600 Firmware Versionv200r007c00
   HuaweiAr3600 Version-
HuaweiAr510 Firmware Versionv200r006c12
   HuaweiAr510 Version-
HuaweiAr510 Firmware Versionv200r006c13
   HuaweiAr510 Version-
HuaweiAr510 Firmware Versionv200r006c15
   HuaweiAr510 Version-
HuaweiAr510 Firmware Versionv200r006c16
   HuaweiAr510 Version-
HuaweiAr510 Firmware Versionv200r006c17
   HuaweiAr510 Version-
HuaweiAr510 Firmware Versionv200r007c00
   HuaweiAr510 Version-
HuaweiIps Module Firmware Versionv500r001c30
   HuaweiIps Module Version-
HuaweiNip6300 Firmware Versionv500r001c30
   HuaweiNip6300 Version-
HuaweiNetengine16ex Firmware Versionv200r006c10
   HuaweiNetengine16ex Version-
HuaweiNetengine16ex Firmware Versionv200r007c00
   HuaweiNetengine16ex Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.15% 0.318
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.